Zappos Is Lying to Its Customers

Over the weekend, the Amazon-owned Zappos online store was hacked, resulting in 24 million compromised customer accounts. Forbes reports:

Twenty-four million Zappos customers are getting an unpleasant Sunday-evening surprise.

The Amazon-owned e-commerce firm has revealed that it was the target of a cyber attack that gained access to its internal network, including the accounts of 24 million of its users. Though the company says that no complete credit card numbers were revealed in the breach, the intruders may have accessed customers’ names, e-mail addresses, phone numbers, addresses, the last four digits of their credit card numbers, and encrypted passwords. Zappos says it’s taken the precaution of resetting the passwords of all its customers and directing them to set a new password upon visiting the site.

“We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky,” chief executive Tony Hsieh wrote to Zappos employees in an email posted to the site, declining to offer more information about the breach. “We are cooperating with law enforcement to undergo an exhaustive investigation.”

But this is what’s actually on the consumer site when you try to log in:

We apologize for the inconvenience however a recent security update has resulted in the need for you to reset your password. By resetting your password, you’ll have a more secure experience on our website.

Yeah, a security update necessitated by Zappos’ incompetence. Back to the Forbes piece:

Even after choosing a new Zappos password, users should be careful to also change their passwords on any site where they’ve used a similar or identical password, in case Zappos’ intruders are able to decrypt the scrambled passwords they’ve stolen. Zappos is also warning affected customers to watch out for phishing emails that will use their stolen email addresses to spoof official Zappos emails and ask for account credentials or financial details.

It would be, you know, helpful, if Zappos told their customers this on their website.
