The account information for millions of customers at Zappos.com, an online shoe and clothing company, may have been compromised by a hacking attack, the company’s chief executive, Tony Hsieh, wrote on Sunday in an e-mail to employees.
In the message, posted on the Zappos Web site, Mr. Hsieh said a criminal “gained access to parts of our internal network and systems” through one of the company’s servers in Kentucky.
He wrote, in capital letters, that the database containing complete credit card and other payment information for Zappos customers had not been accessed.
Mr. Hsieh said the company would send an e-mail notifying the more than 24 million accountholders of the incident, including details about the information that might have been obtained: names, e-mail addresses, billing and shipping addresses, phone numbers and the last four digits of credit cards. The messages will encourage customers to create a new password for both Zappos and “any other Web site where you use the same or a similar password.”
The company had already reset all passwords, the e-mail said.
Mr. Hsieh said the company made the “hard decision” to temporarily shut off its phones, directing customers to correspond by e-mail because the phone systems “simply aren’t capable” of handling the expected volume of inquiries.
All employees at the company’s headquarters in Henderson, Nev., would be asked to assist customers, “regardless of department,” he wrote.
“We’ve spent over 12 years building our reputation, brand, and trust with our customers,” Mr. Hsieh said. “It’s painful to see us take so many steps back due to a single incident.”
In 2009, Zappos was sold to Amazon.com for more than $1 billion.
Article source: http://feeds.nytimes.com/click.phdo?i=9bd9486deb5e4748af64d140c56d9dc7