Zappos.com shuts down phones, battles security breach
Jerry Henkel/Las Vegas Review-Journal
Zappos.com CEO Tony Hsieh hands out a copy of the email sent to customers to news media prior to making a statement, Monday, Jan. 16, 2012, at the company headquarters in Henderson concerning the reports of the company's customer records being hacked.
Zappos.com CEO Tony Hsieh speaks Monday about the company's customer records being hacked. Jerry Henkel/Review-Journal
LAS VEGAS REVIEW-JOURNAL
Updated: Jan. 17, 2012 | 7:34 a.m.
Don't bother calling Zappos.com today. The online shoe retailer won't answer.
The Las Vegas Valley-based company temporarily turned off its phones Monday and would only respond to customers by email after announcing that 24 million customer accounts were compromised in a security breach.
The company Monday morning alerted account-holders of the incident and reset all passwords so customers have to choose a new one to log in.
For customers, the breach means names, addresses, scrambled passwords and the last four digits of credit card numbers have been compromised.
Zappos CEO Tony Hsieh said the database that stores customers' credit card and other payment information was not accessed during the breach of one of the company's servers in Kentucky.
At Zappos headquarters, full-scale crisis control is under way.
"We need all hands on deck to help get through this," Hsieh wrote to employees in a widely circulated email.
By 8 a.m. Monday, workers in all departments at the company's offices in Henderson were on customer service detail. Hsieh on Monday said the company may turn its phones back on by end of day today, depending on the volume of customer feedback.
Hsieh, citing the ongoing investigation, in a Monday news conference declined to say when the breach occurred, name any law enforcement agencies the company is working with or say whether it is known why the online shoe retailer was targeted.
Zappos, which employs nearly 2,000 people and has annual revenues of more than $1 billion, joins the ranks of high-profile companies that have been hacked in the past year, including Sony, Lockheed Martin, Citigroup, PBS and intelligence firm Strategic Forecasting Inc., which was the target of a politically motivated hack in December.
Stratfor, as the Austin, Texas-based company is known, had a credit card breach and then a server attack in December, which knocked the site offline. After hiring a security firm to rebuild its tech infrastructure, Stratfor on Jan. 11 relaunched its website, according to Reuters.
The Stratfor attack has been cited as a cautionary tale for small and midsize businesses that may not be as attentive to computer security as large corporations.
Sony last April experienced a breach in its PlayStation Network that compromised the data of 77 million users. Sony waited a week to tell users about the hacking incident, sparking a consumer outcry.
IT specialist Jeff Berg, president of Computer Troubleshooters Las Vegas, said security breaches are common, particularly for large companies.
"Even Amazon has intrusions. The bigger you are, the more likely you'll have intrusions," Berg said. "If someone wants to break into your house, they'll break into your house."
Zappos has taken the appropriate steps in its customer outreach, Berg said, preventing a larger public relations debacle.
"The worst thing you can do is not tell anybody," he said. "They released the information quickly."
Hsieh would not say what changes, if any, Zappos plans to implement to prevent future hacks.
"We can't comment on the specifics of our security," he said during the news conference. "It would be analogous to a casino broadcasting to the public their guard change shift schedules."
Right now, he said, the company is focused on getting customers to change their passwords.
One Las Vegas customer who asked that her last name not be used, 63-year-old Anne Marie, reached out to the Review-Journal after receiving two emails Monday morning: one from Zappos, about the security breach, then one from American Express, about fraudulent activity on her credit card.
"It could be a coincidence that it happened just after the Zappos email," the retiree said. "If I'm the only one out of 24 million people, then I guess it's a coincidence. I wonder if other people are affected."
Hsieh said Zappos hasn't heard "anything outside the usual" about credit card fraud and reiterated during the news conference that the company's payment information database was not compromised.
For Anne Marie, who has only ordered from Zappos once but is a regular Amazon customer, the hacking experience has had a "chilling effect."
"I'm a little leery, a little afraid now to do business with Amazon or Zappos," she said. "If it can happen to this major website, it can happen to any of them."
Contact reporter Caitlin McGarry at cmcgarry@reviewjournal.com or 702-387-5273.
Comments
Zappos knew about this since last Friday! Don't be fooled. So, your full credit card number was not compromised but your Name (as it appears on your credit card), Email, Your Billing Address (which should be the same for the rest of all of your credit cards), Your Telephone number, Last 4 Digits of your credit card number and Password. That is A LOT of information that online fraud needs and that is a hell of a lot worse than your full credit card number. Yes, it was smart to shut off the phones. They don't have the manpower to assist with the phone calls but I love how they hide behind the generic emails!!!! Hmm.... Amazon was not affected or any of their other online retail companies? Just Zappos? Sounds suspect!
Zappos is a great company that focuses on Customer Service. They were responsible enough to notify customers and media that they had a problem with their servers being hacked.
This is a case of you're damned if you do and damned if you don't. I believe that they handled the situation as best as possible under the circumstances. Also, shutting down the phones was a smart move as they are now better able to handle inquiries more efficiently. Let's not forget, they've done a lot and plan to do more investing in our local economy - let's stand behind them!
gbigs who usually is an ignorant jerk is correct. The Russian mob now has your full name, your address, your home telephone number, your email and the last 4 digits from the CC you used. That's enough data points to really screw somebody over ID theft wise. This is a HUGE deal. Good thing Amazon bought these Hipster Doofi because they are gonna need those deep pockets.
okay goof. let me explain why this is a bad deal. 1. people use their REAL names on the accounts, that is compromised now. 2. credit card info is in the record. 3. location is in the record. 4. some people use the same password in many places, getting their favorite is a pain in the rear, many will miss that they need to run around and change it now. @rabidelf. before you open your mouth on a subject you don't know about, suggest you THINK first.
So people's login information was accessed. ZOMG call the national guard! Zappos reset everyone's passwords so now their accounts can't be accessed. This is so not a big deal.
they may as well shutter up. any 'customer' that stays with this error is dumb. they will not remove customer accounts. and have opened up 25 million to ID theft. it's a crime, not just a problem.
Zappos seems to be more worried about employees having "fun" than being a serious company. They should be more focused on protecting customer info than playing games during work.
That's what you get when you use Windows!!!
this company is rogue. they WILL NOT delete accounts for customers wanting out. they have a LEGAL and MORAL responsibility to let accounts go that want out. the company is too lame to protect customer accounts, it does not deserve to have them.
Now I am waiting for them to provide the customers affected a discount for the time and trouble this is causing by having to change passwords and monitor their credit card for fraudulent activity.