Zappos.com CEO Tony Hsieh told the online retailers 24 million customers Sunday that the company was the victim of a cyber attack, but that the database that stores customers’ critical credit card and other payment data was not affected or accessed.
The attackers, however, may have gained access to names, e-mail addresses, bill and shipping addresses, phone numbers, the last four digits of credit cards and cryptographically scrambled passwords, Hsieh told Zappos.com customers in an e-mail. Cyber criminals could use much of that information to mount phishing attacks.
Zappos.com reset customers’ passwords and asked that they create new ones. The company is cooperating with federal investigators to identify the source of the attack, which targeted one of its servers in Kentucky.
“We have made the hard decision to temporarily turn off our phones and direct customers to contact us by email because our phone systems simply aren't capable of handling so much volume,” Hsieh wrote. “(If 5% of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place.)”
