Amazon-owned retailer Zappos.com hacked
Up to 24 million customers are affected in one of the bigger hacks of the past 12 months.


Amazon-owned clothing retailer Zappos.com has been hacked, with up to 24 million customers affected.
The company has been forced to reset customer passwords after names, email addresses, billing and shipping addresses as well as the last four digits of credit card numbers were compromised.
Password hashes were also taken in what appears to be the biggest public data breach of 2012 thus far.
The database storing customers' critical credit card data has not been accessed, however.
Non-US customers are currently blocked from accessing Zappos.com's statement on the company blog, but an email explaining the breach is circulating the web.
"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," said Tony Hsieh, CEO of Zappos.com, in an email to employees.
"We are cooperating with law enforcement to undergo an exhaustive investigation.
"We have made the hard decision to temporarily turn off our phones and direct customers to contact us by email because our phone systems simply aren't capable of handling so much volume."
The email sent to users outlined what data may have been stolen, alongside details about how to gain a new password.
"We also recommend that you change your password on any other web site where you use the same or a similar password. As always, please remember that Zappos.com will never ask you for personal or account information in an e-mail," the email read.
Graham Cluley, senior technology consultant at Sophos, said it was an "ugly situation" for Zappos.com.
"One imagines that the decision to block access to the blog entry is to prevent it becoming overloaded with traffic - but, seriously, how hard is it to host an important message like this on another trusted site?" he added, in a blog post.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.