The cyber attack occurred on one of Zappos’ servers located in Kentucky. The hacker was able to gain access to part of the company’s internal network and systems. Company CEO Tony Hsieh said in an e-mail to employees that Zappos is working with law enforcement to undergo an exhaustive investigation.
According to Zappos chief executive Tony Hsieh, although Credit card information had not been stolen, but names, email addresses and other personal information may have been exposed. Zappos said customers’ passwords were exposed in the hack, but the online retailer insisted that they were encoded and that attackers had no access to customers’ actual passwords. Resetting its users’ passwords was just an added precaution since it is highly unlikely the hackers will be able or would take the time to unlock the encryption.
Now Zappos has started to contact customers asking them to choose new passwords for zappos.com and other sites where they may have used the same or a similar password.
Hsieh wrote in the company memo :
We’ve spent over 12 years building our reputation, brand and trust with our customers. It’s painful to see us take so many steps back due to a single incident.
Amazon’s Purchase of ZapposZappos, which started out as an online shoe retailer but now sells clothing and accessories too, was sold to Amazon for more than USD $1bn (GBP £650m) in 2009.
Zappos was founded in 1999 and since then it had established itself as the largest online shoe store.