This one pains me on a personal level, since I’m a bit of shoe addict, but customers of Zappos.com have just had their personal info compromised this weekend. Data, such as customer names, e-mails, billing and shipping addresses, phone numbers, and partial credit card numbers were vulnerable to seizure (though, thankfully, not full numbers, thanks to the company stashing those separately).
Although the investigation is ongoing, Zappos believes that the deed was done via an attack on one of the company’s servers based in Kentucky. The company disclosed the incident by posting an alert on the site Sunday night and emailing customers, letting them know that their passwords will be reset, so they can change them. It also urged users to consider anywhere else they might use the same code, and switch those up as well.
It’s not clear who the perpetrator is, but given the target here, it doesn’t seem like it was an act of protest levied against the technocrats, like many other high profiles incidents over the past year or two. It’s more likely to be just a simple “smash and grab” robbery aimed at the techno-innocent of innocents, the everyday mainstream consumer.
Let this be a warning: If any of your loved ones are among the shoe-addicted, be sure that they beat a path to this link to change their code. This should also serve as reminder for all of us not to use the same password across various sites — whether tech-related, shopping or otherwise.