Zappos customers got more from the online shoe retailer this month than a pair of winter boots. They all received a bit of a shock on Sunday when CEO Tony Hsieh revealed that the company suffered a security breach on one of its Kentucky servers.
It appears the hacker was able to get access to data such as customer names, home addresses, and last four digits of customer credit cards (which can be found on most receipts). Secure credit card and payment data remained untouched, Hsieh said.
“We’ve spent over 12 years building our reputation, brand, and trust with our customers,” Hsieh said in an e-mail to the site’s more than 24 million customers last night. “It’s painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers’ critical credit card and other payment data was not affected or accessed.”
The hack also affected Zappos affiliate 6pm.com, which sent the same warning message to its customers.
While a security breach is never good news, things certainly could have been much worse for Zappos. Sony’s PlayStation Network hack, for example, compromised 12.3 million users’ credit cards and led to downtime of almost a month. Despite the breach, Zappos will continue running as normal.
As a security precaution, the site has expired and reset customer passwords — an easy way to force users to change potentially compromised passwords. Zappos also recommends that its customers change passwords on any other sites that share their Zappos e-mail login and password.