Online retailer Zappos.com is asking its 24 million customers to reset their passwords after a cyberattack, according to a posting on the company’s website.
“We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky,” says the posting, which was sent out as an e-mail from company CEO Tony Hsieh to Zappos employees on Sunday.
The company said it had expired and reset customers’ passwords and would be sending an e-mail with further instructions to all its customers. It also posted password reset instructions on its website.
Zappos said that hackers gained access to customers’ names, e-mail addresses, billing and shipping addresses, phone numbers, and the last four digits of credit card numbers and encrypted passwords.
Full credit card numbers and other payment info were stored on a separate server which was not hacked, the company said.
Because it expects a deluge of phone calls related to the hacking, Zappos said it was temporarily turning off its phones and would answer all inquiries by e-mail.
“If 5% of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place,” the company’s e-mail to employees said.
“We’ve spent over 12 years building our reputation, brand, and trust with our customers. It’s painful to see us take so many steps back due to a single incident,” Hsieh’s e-mail said..