If you’ve ever shopped online on Zappos.com then there’s an email in your inbox asking you to create a new password. As the vigilant web user that you are (right?), you may have thought this to be a phishing scam out to steal your personal data. Well it’s not. The email is the real deal, letting you know that your data might have already been stolen. Zappos.com got hacked.
That’s right, over the weekend 24 million people had their personal data exposed from the popular online shoe site. Cybercriminals were able to hack into the company’s internal network and access customer info.
This includes “your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password)” according to the email sent out. That’s the bad news though.
The email goes on to say the “better” news is that no “critical credit card and other payment data” was accessed. While that is somewhat good news, your data was still stolen.
It’s a bit more serious than falling for Facebook scam. In those cases offers for free Costco gift cards or Southwest Airline tickets trick you into filling in your data yourself into a survey or something. With data breaches, the company you trust your personal data with fails to keep it secure. If Amazon can get hacked though, it shows how smart hackers are getting.
Like their email says, the best thing you can do is change your password. If you haven’t already done so or haven’t got the email, go to the site and do it anyways by clicking on the “Create a New Password” link in the upper right corner. Do not update anything by replying to an email.