Zappos Reports 24 Million Accounts Accessed by Hackers

Libby Kane

Posted on Jan 17, 2012

Red alert: Over the holiday weekend, online retailer Zappos reported a major security breach.

An unauthorized person or persons gained access to 24 million user accounts on the site, but not to credit card or payment data.

Now Zappos is requiring customers whose accounts were accessed to create new passwords on any other sites where they used the same password as a precaution.

While the numbers are sensational (24 million?), how exactly are Zappos users affected by the breach?

It’s Disclosure, Not Distress

The Wall Street Journal points out that Zappos is disclosing the incident to the public in order to “maintain transparency and user trust.” It’s a lot less critical than it seems: The mere fact that the company’s defenses didn’t hold up to a hacker shakes customers’ trust in the site, but by all appearances the most sensitive info (the money) is still safe and sound. After all, the only information they got are the last four digits of the credit cards, which is the same information you’d find on a credit card receipt, and the encrypted versions of people’s passwords.

Zappos is owned by Amazon, but the hack affected Zappos and its site 6pm.com only. Amazon accounts are safe and sound.

The incident serves only to emphasize the importance of secure passwords. Fortunately, we’ve scoured the internet for the best tips from experts like Mozilla Firefox and security firm Sophos. For their top three tips, easily digestible in handy infographic form, read this. (Hint: Song lyrics can make the difference.)

More From LearnVest

It’s the perfect place for a secure password: The LearnVest My Money Center.
See scams coming a mile away with our breakdown of the anatomy of a scam email.
How likely are you to suffer identity theft?