Zappos, the shoe-and-apparel-selling division of Amazon, has been hit by cyber attackers and has had one of its servers compromised and information from it exfiltrated.
The incident was revealed when an internal memo by Zappos CEO Tony Hsie sent to his employees was made public.
In it, he says that the attackers have gained access to parts of the company’s internal network and systems through one of their servers in Kentucky, that the FBI has been involved in the investigation, that the 24+ million customers will be notified of the fact and asked to change the password to their accounts, and that credit card data and payment data was not accessed.
He also included the email that the customers will be receiving, in which they are warned about the possibility of their name, e-mail address, billing and shipping addresses, phone number, the last four digits of their credit card number, and their “cryptographically scrambled” password having been compromised.
The email will advise the customers to create a new password for their Zappos.com account and to change the password to other online accounts if they have used the same one for multiple accounts.