View RSS Feed

IMC News

Zappos Hacked Customers Beware of Account Phishing Scams

Rate this Entry
Zappos' site was compromised by hackers yesterday. Luckily the hackers were not able to get any credit card data, but other customer information was obtained. [URL="http://www.zappos.com/passwordchange"]Zappos immediately sent emails[/URL] to the effected customers:

"Subject: Information on the Zappos.com site - please create a new password

First, the bad news:

We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mailaddress, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).

THE BETTER NEWS:

The database that stores your critical credit card and other payment data was NOT affected or accessed.

SECURITY PRECAUTIONS:

For your protection and to prevent unauthorized access, we have expired and reset your password so you can create a new password. Please follow the instructions below to create a new password.

We also recommend that you change your password on any other web site where you use the same or a similar password. As always, please remember that Zappos.com will never ask you for personal or account information in an e-mail. Please exercise caution if you receive any emails or phone calls that ask for personal information or direct you to a web site where you are asked to provide personal information.

PLEASE CREATE A NEW PASSWORD:

We have expired and reset your password so you can create a new password. Please create a new password by visiting Zappos.com and clicking on the "Create a New Password" link in the upper right corner of the web site and follow the steps from there.

We sincerely apologize for any inconvenience this may cause. If you have any additional questions about this process, please email us at [email]passwordchange@zappos.com[/email]"

From [URL="http://mashable.com/2012/01/16/zappos-phishing-scams/"]Mashable[/URL]: "[COLOR=#474747]Robert Siciliano, a McAfee consultant and identity theft expert, says he expects whoever hacked Zappos’s site will now sell the data to people who run phishing scams. “They’ll sell it 10,000 accounts at a time, short money, like $100,” he says. While hackers don’t have complete credit card numbers, Siciliano says there’s enough information for a hacker to approach affected users as either Zappos or the credit card company and then ask them for more data — the classic phishing scam — which might be supplemented with a voicemail “vishing” attack as well.[/COLOR][COLOR=#474747]Siciliano warns users who got Hseih’s email to avoid clicking on links that purport to be from either Zappos or their credit card firm over the next few months. Phony emails and voicemail messages typically ask users to “update” their info, giving hackers access to more potentially damaging data."

Also see:

[URL="http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CEEQqQIwAA&url=http%3A%2F%2Fwww.pcworld.com%2Fbusinesscenter%2Farticle%2F248244%2Fzappos_hacked_what_you_need_to_know.html&ei=3QMVT8SJFYjh0QG97bTEDA&usg=AFQjCNHDyZQzEvD8Bjitns3qxUdd133hBQ&sig2=Wn12U_LUPqsnB855faawgg"]Zappos Hacked: What You Need To Know[/URL]

[URL="http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0CFAQFjAC&url=http%3A%2F%2Fmoney.cnn.com%2F2012%2F01%2F16%2Ftechnology%2Fzappos_hack%2Findex.htm&ei=3QMVT8SJFYjh0QG97bTEDA&usg=AFQjCNEEs2CDt5ITg6isqjxHzJ9_sG_Utg&sig2=CiVeLPLftEUhMx8lxZDrCA"]Zappos Hacked 24 Million Accounts Accessed[/URL]

[URL="http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0CEcQqQIwAQ&url=http%3A%2F%2Fwww.kgan.com%2Fshared%2Fnewsroom%2Ftop_stories%2Fvideos%2Fkgan_vid_9604.shtml&ei=3QMVT8SJFYjh0QG97bTEDA&usg=AFQjCNFruIo-6q9vZfL-MsGFMF06plTlDA&sig2=-Shlyl1ue21QQSThS33Dqg"]Zappos Hacked: How To Protect Your Online Information[/URL][/COLOR]

Submit "Zappos Hacked Customers Beware of Account Phishing Scams" to Digg Submit "Zappos Hacked Customers Beware of Account Phishing Scams" to del.icio.us Submit "Zappos Hacked Customers Beware of Account Phishing Scams" to StumbleUpon Submit "Zappos Hacked Customers Beware of Account Phishing Scams" to Google

Comments