Zappos Security Breach Affects 24 Million Customers

Zappos website was unavailable to international traffic on Monday morning

(WEB HOST INDUSTRY REVIEW) — Online retailer Zappos announced on Sunday that the passwords, email addresses, and partial credit card information belonging to 24 million customers may have been exposed in an attack on a server in a Kentucky data center.

On Monday morning, the Zappos website was unavailable to international traffic. Zappos has also shut down its phone support lines and is accepting email only. It says this tactic will save time “due to the volume of inquiries (it's) expecting.”

“In order to service as many customer inquiries as possible, we will be asking all employees at our headquarters, regardless of department, to help with assisting customers,” Zappos said in a statement.

In a blog post on Sunday night, Zappos said the servers responsible for storing full credit card and payment details were not impacted or accessed, but as a precaution it still reset and changed existing passwords of the customers affected. It also urged customers using the same password on other sites to change those as well.

Zappos said it is currently cooperating with law enforcement on an “exhaustive” investigation, and was unable to go into detail on the specifics of the attack. It is unclear when the breach occurred.

“We’ve spent over 12 years building our reputation, brand, and trust with our customers. It’s painful to see us take so many steps back due to a single incident,” Zappos CEO Tony Hsieh said in a letter to customers.

Zappos was bought by Amazon in 2009 for more than $1 billion.

According to the security page on its website, transactions are secured by SSL certificates provided by VeriSign, and its sites display Trustwave seals.

Zappos says it doesn’t require the three-digit code on the back of credit cards because it takes too much time, although it says it is looking into adding it.

“Not only are we PCI compliant and encrypt connections using SSL technology, we also encrypt payment information traveling within our company as well,” the website says. “All payment information is encrypted while in storage within a network that is firewalled off from the rest of the company and the internet.”

Nicole Henderson

About

Nicole Henderson writes full-time for the Web Host Industry Review where she covers daily news and features online, as well as in print. She has a bachelor of journalism from Ryerson University in Toronto, and has been writing for the WHIR since September 2010. You can find her on Twitter @NicoleHenderson.
