Following this weekend’s big story on Zappos being hacked, the shoe retailer has been sued by an angry customer.
The customer claims Zappos did not properly “maintain adequate procedures for protecting customers’ personal information.” 24 million accounts were compromised over the weekend in the largest breach of security since the PSN hack in April 2011.
Original Story:
Late last night, I received an email, as did 24 million other account holders, that our Zappos accounts had been hacked and we needed to change our passwords.
The popular shoe retailer owned by Amazon says that information such as names, email addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers and encrypted versions of account passwords were likely compromised.
Zappos says that credit card numbers and other payment information were not accessed, since they were housed in a different database.
Additionally, Zappos’ discounted 6PM.com site was also hacked in the same attack. At 24 million accounts compromised, the attack is the largest since Sony’s PlayStation Network was taken down in April 2011, compromising data on 101 million gamers.
The retailer reset everyone’s passwords, but has shut off its phone lines, meaning all customer service requests will go to email.
Result for: passwords
New York Senator Charles Schumer has called on America’s largest sites to make the HTTPS protocol the default for their sites in an effort to prevent ID theft when users hop on public Wi-Fi at places like Starbucks and McDonald’s.
The Senator says the growth of public Wi-Fi spots is making it easier for hackers to steal info like credit card numbers and passwords for banking institutions.
Says Schumer (via Reuters):
“The number of people who use WiFi to access the Internet in coffee shops, bookstores and beyond is growing by leaps and bounds.
“The quickest and easiest way to shut down this one-stop shop for identity theft is for major Web sites to switch to secure HTTPS web addresses instead of the less secure HTTP protocol.”
HTTP, says the Senator, is a “welcome mat for would-be hackers.” Most major site operators, outside of the banking institutions, use HTTP as the default, even if they do have HTTPS versions.
Result for: passwords
Twitter director of Trust and Safety Del Harvey posted today that Twitter will be forcing a number of users to change their passwords this week after it was discovered that hackers had used torrent sites to steal access to users’ data.
“As part of our ongoing efforts to monitor our user base for odd activity, we noticed a sudden surge in followers for a couple of accounts in the last five days. Given the circumstances surrounding this we felt it was best to push out a password reset to accounts that were following these suspicious users,” said Harvey.
It is unclear how many users are affected.
The details were stolen from third-party torrent sites that require logins. Because many users use the same information for multiple sites, the hackers used the torrent site logins for Twitter as well.
“As a general rule, if you signed up for a torrent forum or torrent site built by a third party, you should probably change your password there,” adds Harvey. “The takeaway from this is that people are continuing to use the same email address and password (or variant) on multiple sites. We strongly suggest that you use different passwords for each service you sign up for.”







