Home > >

Zappos.com and 6pm.com have been hacked.


POST A REPLY
 
Thread Tools
Jan 15, 2012, 10:35pm   #1
quackedup's Avatar
Thread Starter
quackedup
Member
FYI

http://blogs.zappos.com/securityemail
http://www.6pm.com/securityemail

Over this weekend, Zappos.com and 6pm.com have been breached.
They have now blocked international IPs from various parts of their site.
It looks like the attack happened on Friday 13th as thats when lots of users got 403 Forbidden messages from the sites.

In the interest of security, everyone with accounts on these sites should change their passwords that they use on other sites (if they use the same password across different sites),
and
check your paypal and credit card statements carefully for unauthorised charges...
Jan 16, 2012, 12:54am   #2
pinkfeet's Avatar
pinkfeet
Member
Well that's lovely. I never ordered from zappos before and just did a few weeks ago for a belated Xmas gift.

Great.
Sigh... I never even got an email from them. Just heard about it here. Wtf
Jan 16, 2012, 1:52am   #3
s
snicki
Member
I wondered about that - I tried to access Zapppos, and got a message that they're no longer accepting international IP's. I sent them an irritated email - it always seems so offensive when websites don't allow international IP's to even view the website. It seems so much more melodramatic than just not providing international shipping options or something.

If they were hacked though, then I feel bad about the irritated email. Does anyone (who can actually access the site) know if it's a temporary measure, or going to be company policy from now on?
Jan 16, 2012, 2:38am   #4
PickyCoachLover's Avatar
PickyCoachLover
MoreRoseGoldPlease
They said that CC info was not hacked...just name, email addy, address, etc.
Jan 16, 2012, 4:54am   #5
babycinnamon's Avatar
babycinnamon
Member
Ughh!! Thank god I don't save my CC info to the account profile when ordering online! When things like this happens, it makes me so paranoid about buying online!

If anyone wants to know here is the text of e-mail that was sent out:

"First, the bad news:

We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on 6pm.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).

THE BETTER NEWS:

The database that stores your critical credit card and other payment data was NOT affected or accessed.

SECURITY PRECAUTIONS:

For your protection and to prevent unauthorized access, we have expired and reset your password so you can create a new password. Please follow the instructions below to create a new password.

We also recommend that you change your password on any other web site where you use the same or a similar password. As always, please remember that 6pm.com will never ask you for personal or account information in an e-mail. Please exercise caution if you receive any emails or phone calls that ask for personal information or direct you to a web site where you are asked to provide personal information.

PLEASE CREATE A NEW PASSWORD:

We have expired and reset your password so you can create a new password. Please create a new password by visiting 6pm.com and clicking on the "Create a New Password" link in the upper right corner of the web site and follow the steps from there.

We sincerely apologize for any inconvenience this may cause. If you have any additional questions about this process, please email us at passwordchange@6pm.com."
Jan 16, 2012, 8:34am   #6
l
lindacris
Member
I placed my first order ever with 6pm last night just before this happened. I guess I need to check my account.
Jan 16, 2012, 10:22am   #7
papillon216's Avatar
papillon216
Member
They should've stated the WORST NEWS: We are currently not available on international ips so sorry to our international customers who have no way of changing their passwords!!!

How are international customers supposed to deal with this then?!
Jan 16, 2012, 10:56am   #8
D
DiamondGirl1
Member
Originally Posted by papillon216
They should've stated the WORST NEWS: We are currently not available on international ips so sorry to our international customers who have no way of changing their passwords!!!

How are international customers supposed to deal with this then?!
Zappos has expired ALL passwords that were on their site. When they wade through this, I am sure they will allow international IPs again, at that time you probably can go in and reset your password.
Jan 16, 2012, 11:31am   #9
Shanismom's Avatar
Shanismom
Member
Has anyone been able to change passwords? I'm still waiting to receive the email with instructions to change passwords.
Jan 16, 2012, 11:37am   #10
Shopmore's Avatar
Shopmore
Member
Originally Posted by Shanismom
Has anyone been able to change passwords? I'm still waiting to receive the email with instructions to change passwords.
For the 6pm site - there is a "Create a New Password" link on the top right of the home page. Not sure about the zappos site.
Jan 16, 2012, 11:39am   #11
jroger1's Avatar
jroger1
Member
Both sites have the same button at the top right of the page. But when you click it then the wait game begins. The system that generates the email that will allow you change your password is bogged down. It took almost a full hour for me to receive my email message, in fact I'm still waiting on the one from 6pm.
Last edited Jan 16, 2012 at 11:40am. Reason: add
Jan 16, 2012, 1:56pm   #12
LovesYSL's Avatar
LovesYSL
Member
I got the email this morning. I've never ordered from Zappos but once I emailed them a question and they as a result made a VIP account for me.
Annoying.
I wonder how their business will suffer as a result. I know I'm not comfortable placing an order now.
Jan 16, 2012, 4:03pm   #13
s
susansarah
Member
I got an email from Zappos last night. I'm changing all my passwords now. They should have sent a notice!
Jan 16, 2012, 7:32pm   #14
Pursissima's Avatar
Pursissima
Member
I was prompted to change password as I logged on, so now all is good. Thanks for the information.
Jan 16, 2012, 7:33pm   #15
papillon216's Avatar
papillon216
Member
I have a VIP account, supposedly. At least it's good to know they disabled ALL passwords.
POST A REPLY
  HOME > >  
TOP

Thread Tools