Media Blog

NRO’s MSM watchdog.



Zappos Is Lying to Its Customers

Over the weekend, the Amazon-owned Zappos online store was hacked, resulting in 24 million compromised customer accounts. Forbes reports:

Twenty-four million Zappos customers are getting an unpleasant Sunday-evening surprise.

The Amazon-owned e-commerce firm has revealed that it was the target of a cyber attack that gained access to its internal network, including the accounts of 24 million of its users. Though the company says that no complete credit card numbers were revealed in the breach, the intruders may have accessed customers’ names, e-mail addresses, phone numbers, addresses, the last four digits of their credit card numbers, and encrypted passwords. Zappos says it’s taken the precaution of resetting the passwords of all its customers and directing them to set a new password upon visiting the site.

“We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky,” chief executive Tony Hsieh wrote to Zappos employees in an email posted to the site, declining to offer more information about the breach. “We are cooperating with law enforcement to undergo an exhaustive investigation.”

But this is what’s actually on the consumer site when you try to log in:

We apologize for the inconvenience however a recent security update has resulted in the need for you to reset your password. By resetting your password, you’ll have a more secure experience on our website.

Yeah, a security update necessitated by Zappos’ incompetence. Back to the Forbes piece:

Even after choosing a new Zappos password, users should be careful to also change their passwords on any site where they’ve used a similar or identical password, in case Zappos’ intruders are able to decrypt the scrambled passwords they’ve stolen. Zappos is also warning affected customers to watch out for phishing emails that will use their stolen email addresses to spoof official Zappos emails and ask for account credentials or financial details.

It would be, you know, helpful, if Zappos told their customers this on their website.

COMMENTS   1

   01/17/12 17:45

Greg, they sent an email to all customers that explicitly stated that there was a security breach. The text of the email is here:
External Link 
We're regular Zappos customers. And with the information we've been given I hardly think it's fair to say they've been lying to us.

© National Review Online 2012
All Rights Reserved.