Zappos, Amazon's online retail service, has suffered a major data breach at its Kentucky-based datacenter. The breach is expected to affect almost 24 million customers, both past and present account holders, making it the biggest cyber-attack since the PlayStation Network hack last year. The hacker gained unauthorised access to the site's internal networks through the online shoe and clothes servers. The site has been taken down temporarily for international users. Zappos has given assurances that Amazon servers have not been affected by the hack.
With access to the internal networks, customers' personal information, such as names, email addresses, and billing and postal addresses, may be at risk. Cryptographically jumbled passwords and the last four digits of customers' credit card numbers may be vulnerable as well, says Zappos chief executive Tony Hsieh. The only saving grace here might be the fact that the database storing customers' critical credit card and other payment data was not hacked.
The company is working with U.S. law enforcement to investigate the issue, to figure out whether the data was downloaded from its servers, and to limit the damage to its customers as far as it can. The nature of the hack is still unknown, and Zappos has currently shut down its services for all international traffic. The organization still does not know where the hack originated or when the attack took place.
Zappos has also cut off its telephone networks for now and is only replying to queries through e-mail as a cautionary measure. Though the passwords were hashed, Zappos has suggested that all customers change their passwords, and that if similar passwords were used on other sites, those should be changed immediately too.
Source: ZDNet