newjerseynewsroom.com

Share this Twitter Myspace Digg Del.icio.us Reddit Slashdot Furl Yahoo Technorati Newsvine Facebook Export PDF Print E-mail Tags online security hackers zappos mail card passwords information data protect numbers experts customers payment cyber retailers credit database company password Article Index Zappos hackers steal passwords, personal data: What should customers do? Zappos hackers steal passwords, sensitive information: What should customers do? All Pages

BY ADELE SAMMARCO

NEWJERSEYNEWSROOM.COM

If you’ve ever bought shoes online from Zappos, now is the time to change your password.

The popular internet company says some 24 million of its customers’ personal information was compromised by hackers Sunday, stealing e-mail and shipping addresses, phone numbers, account passwords and the last four digits of their payment card.

After the hacking incident, Zappos CEO Tony Hsieh was quick to react in a blog statement, "We've spent over 12 years building our reputation, brand and trust with our customers," and added, "It's painful to see us take so many steps back due to a single incident."

The cyber- thieves couldn’t get complete credit card numbers because that particular personal information is encrypted, a requirement under the Payment Card Industry Data Security Standard.

Now the footware company is urging its online users to be on the alert for "phishing" schemes or shrewdly-worded e-mails with eye-catching subject lines that are specifically designed to entice the user into divulging sensitive information, such as their social security number.

Todd Feinman, CEO of the database security firm Identity Finder, says retailers do not generally encrypt data beyond what is required under PCI-DSS rules, which is enforced by Visa and MasterCard, because it can degrade and slow down a website's performance.

According to USA Today, Feinman explained, “Visa and MasterCard fight to protect credit card numbers, but there's no one fighting for the individual consumer whose e-mail address falls into the possession of hackers."

As an added precaution, Zappos, a division of Amazon.com, is urging its customers to change their passwords.

Security experts say many online consumers re-use the same e-mail address and password to create financial transaction accounts on several different websites. Cyber-thugs, who are well aware of this common practice, are only too willing to take advantage of these unsuspecting customers.