and have been hacked.

  1. FYI

    Over this weekend, and have been breached.
    They have now blocked international IPs from various parts of their site.
    It looks like the attack happened on Friday 13th as thats when lots of users got 403 Forbidden messages from the sites.

    In the interest of security, everyone with accounts on these sites should change their passwords that they use on other sites (if they use the same password across different sites),
    check your paypal and credit card statements carefully for unauthorised charges...
  2. Well that's lovely. I never ordered from Zappos before and just did a few weeks ago for a belated Xmas gift.

    Sigh... I never even got an email from them. Just heard about it here. Wtf
  3. I wondered about that - I tried to access Zapppos, and got a message that they're no longer accepting international IP's. I sent them an irritated email - it always seems so offensive when websites don't allow international IP's to even view the website. It seems so much more melodramatic than just not providing international shipping options or something.

    If they were hacked though, then I feel bad about the irritated email. Does anyone (who can actually access the site) know if it's a temporary measure, or going to be company policy from now on?
  4. They said that CC info was not hacked...just name, email addy, address, etc.
  5. Ughh!! Thank god I don't save my CC info to the account profile when ordering online! When things like this happens, it makes me so paranoid about buying online!

    If anyone wants to know here is the text of e-mail that was sent out:

    "First, the bad news:

    We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).


    The database that stores your critical credit card and other payment data was NOT affected or accessed.


    For your protection and to prevent unauthorized access, we have expired and reset your password so you can create a new password. Please follow the instructions below to create a new password.

    We also recommend that you change your password on any other web site where you use the same or a similar password. As always, please remember that will never ask you for personal or account information in an e-mail. Please exercise caution if you receive any emails or phone calls that ask for personal information or direct you to a web site where you are asked to provide personal information.


    We have expired and reset your password so you can create a new password. Please create a new password by visiting and clicking on the "Create a New Password" link in the upper right corner of the web site and follow the steps from there.

    We sincerely apologize for any inconvenience this may cause. If you have any additional questions about this process, please email us at"
  6. I placed my first order ever with 6pm last night just before this happened. I guess I need to check my account.
  7. They should've stated the WORST NEWS: We are currently not available on international ips so sorry to our international customers who have no way of changing their passwords!!!

    How are international customers supposed to deal with this then?!
  8. Zappos has expired ALL passwords that were on their site. When they wade through this, I am sure they will allow international IPs again, at that time you probably can go in and reset your password.
  9. Has anyone been able to change passwords? I'm still waiting to receive the email with instructions to change passwords.
  10. For the 6pm site - there is a "Create a New Password" link on the top right of the home page. Not sure about the zappos site.
  11. #11 Jan 16, 2012
    Last edited: Jan 16, 2012
    Both sites have the same button at the top right of the page. But when you click it then the wait game begins. The system that generates the email that will allow you change your password is bogged down. It took almost a full hour for me to receive my email message, in fact I'm still waiting on the one from 6pm.
  12. I got the email this morning. I've never ordered from Zappos but once I emailed them a question and they as a result made a VIP account for me.
    I wonder how their business will suffer as a result. I know I'm not comfortable placing an order now.
  13. I got an email from Zappos last night. I'm changing all my passwords now. They should have sent a notice!
  14. I was prompted to change password as I logged on, so now all is good. Thanks for the information.
  15. I have a VIP account, supposedly. At least it's good to know they disabled ALL passwords.