By Erik Sherman
LOS ANGELES (CBS NEWS) — Online retailer Zappos announced late Sunday that criminal hackers broke into its systems and had access to personal information on potentially more than 24 million customer accounts. That would make this the largest data breach since hackers got into Sony’s PlayStation Network last year.
Zappos is emailing customers to tell them that information such as names, email addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers, and encrypted versions of account passwords might have been compromised in the breach. Zappos reset all passwords to prevent further unauthorized access. It also claimed that full credit card numbers and other payment information (which is stored in a separate database), was unaffected and not accessed.
Zappos’ discounting site 6PM.com was also hacked when attackers broke into a Kentucky data center. The same types of information were compromised in that attack and the site alerted its users.
Zappos is also turning off its customer service telephone lines so customers will have to email any questions instead. What underscores the serious nature of that step is the lengths to which the company has gone at times to satisfy customers, including free returns with no questions asked.
Even if no full credit card numbers were stolen, the amount of information that may have been stolen is significant. Knowing such information as a name, address, phone, and just the last four numbers of credit cards (often used by companies to verify identity over the phone) could be enough for criminals to steal identities.