Posting here instead of Money or Up To The Minute because of the target audience.
Continued: http://redtape.msnbc.msn.com/_news/...ay-have-accessed-info-on-24-million-customersZappos says hacker may have accessed info on 24 million customers
By Bob Sullivan
Online retailer Zappos.com is telling 24 million customers that their personal information has been hacked, and forcing all of them to reset their passwords. Cyber criminals may have accessed customers' names, e-mail addresses, billing and shipping addresses, phone number, and the last four digits of consumers' credit card numbers, the firm said in an announcement that was posted on Zappos' Web site late Sunday night. Full credit card numbers were not stolen, the firm said, because they were stored separately.
The announcement included the text of an e-mail that Zappos customers will soon receive.
"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation," says the e-mail, which is signed by Tony Hsieh, Zappos CEO. "For your protection and to prevent unauthorized access, we have expired and reset your password so you can create a new password. Please follow the instructions below to create a new password. We also recommend that you change your password on any other web site where you use the same or a similar password."
While passwords that may have been stolen were cryptographically scrambled, Zappos said, it is still requiring all consumers to change their passwords. Zappos also recommends that consumers who use their Zappos password on other sites — a common, if unsafe, practice — should change those passwords, too.
Zappos has set up a special Web page for customers to visit and change the password: http://www.zappos.com/passwordchange.
Anticipating a flood of customer service calls in response to the notification e-mail, Zappos is taking the unusual step of turning off its customer service telephone lines and forcing consumers with questions to send them in via e-mail.