Slashdot Mirror


Zappos Hacked: Internal Systems Breached

wiredmikey writes "Zappos appears to be the latest victim of a cyber attack resulting in a data breach. In an email to Zappos employees on Sunday, CEO Tony Hsieh asked employees to set aside 20 minutes of their time to read about the breach and what communications would be sent to its over 24 million customers. While Hsieh said that credit card data was not compromised, he did say that 'one or more' of the following pieces of personal information has been accessed by the attacker(s): customer names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers. User passwords were 'cryptographically scrambled,' he said."

4 of 122 comments

  1. breach database? by GuldKalle · Score: 5, Insightful

    Is there a site covering breaches like these? It would be nice to have an easily searched database with number of users, the kind of info that was accessed, the attack vector etc.

    --
    What?
    1. Re:breach database? by WrongSizeGlass · Score: 1, Insightful

      How is this post informative? That site doesn't have anything about the Zappos breach ... or anything that's happened in the last six months. It hasn't posted an update since June, 2011 - and that includes their monthly reports.

      I applaud datalossdb.org's efforts in trying to make this data available in one place, but it needs new 'volunteers' (and probably some more donations).

  2. Re:Storing passwords (not as easy as you think) by Anonymous Coward · Score: 3, Insightful

    I'm going to have to disagree with this statement from your article: "Because hash functions like AES-256 only provide 2^256 possible unique outputs, collisions are obviously possible".

  3. Kudos to Zappos for the way they handled this. by I'm Not There (1956) · Score: 5, Insightful

    Shit happens; the way you handle a crisis is what matters. Zappos was very open about this, sent me an email, asked me to change my password, set up new email addresses and web pages for this problem and questions that customers may have, and announced the issue quickly.

    I wish more companies would act like this.

    --
    "If fifty million people say a foolish thing, it's still a foolish thing."