Zappos Data Breach Could Result in New Phishing Attacks

Written by Sue Walsh on January 19, 2012

Early Monday morning I received an email from Zappos, the popular online retailer. The email informed me that they had been hacked and my personal info, along with that of 24 million other customers, had been compromised:

First, the bad news:

We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).

THE BETTER NEWS:

The database that stores your critical credit card and other payment data was NOT affected or accessed.

While it’s great that actual credit card numbers weren’t taken, the info that was taken leaves me and my fellow Zappos customers open to spammers and spear phishing attacks. It’s likely the hackers now know at least some of our buying history and can use that info to create very targeted campaigns. And if they are able to decrypt the passwords they took before the account owner follows the company’s directions and changes it, theoretically they could access that account and go on a buying spree.

There are a couple of things to be learned from this and other recent breaches. Change your passwords regularly, and avoid using the same password and username on multiple sites. The hackers behind the Zappos breach will likely be able to find their way into other accounts because so many people use the same password over and over at different sites. If you’re a Zappos customer, change all your passwords and keep a close eye on your accounts, especially your financial ones.
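The "cryptographically scrambled password" in the notice is almost certainly a password hash, and how much time customers have to change their passwords before a leaked hash becomes a usable password depends on how that hash was computed. The following is an added example, not Zappos' code (the post does not describe their scheme), showing the difference between a fast unsalted hash and a salted, iterated one, plus a breach-triage check a defender can run on a dump: with unsalted hashes, users who share a password are visible as identical stored values without any cracking at all, while per-user salts hide that. The iteration count, usernames and passwords below are constructed for the example.

```python
"""Added example: password storage that resists offline guessing after a breach.

Standard library only. Not the scheme used by Zappos, which the post does not describe.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional

ITERATIONS = 600_000  # assumption: a present-day PBKDF2-SHA256 work factor


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$iterations$salt_hex$digest_hex."""
    if salt is None:
        salt = os.urandom(16)  # per-user random salt: the same password yields different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the record's own salt and iteration count, compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def fast_unsalted_hash(password: str) -> str:
    """The weak alternative, shown for contrast: one fast SHA-1 with no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def duplicate_digests(dump: Dict[str, str]) -> Dict[str, List[str]]:
    """Breach triage: group usernames whose stored value is identical.

    In an unsalted dump every such group shares one password, which an attacker learns
    for free; in a salted dump identical passwords still produce distinct records.
    """
    by_value: Dict[str, List[str]] = {}
    for username, stored in dump.items():
        by_value.setdefault(stored, []).append(username)
    return {value: sorted(users) for value, users in by_value.items() if len(users) > 1}


if __name__ == "__main__":
    # Constructed sample accounts; "zappos2012" is deliberately reused by two users.
    accounts = {"alice": "zappos2012", "bob": "tr0ub4dor&3", "carol": "zappos2012"}

    weak_dump = {u: fast_unsalted_hash(p) for u, p in accounts.items()}
    print("unsalted dump, shared passwords visible:", duplicate_digests(weak_dump))

    salted_dump = {u: hash_password(p) for u, p in accounts.items()}
    print("salted dump, shared passwords hidden:", duplicate_digests(salted_dump))

    print("login check:", verify_password("zappos2012", salted_dump["alice"]))
```

A salt does not stop an attacker from guessing each record individually; the iteration count is what makes each guess expensive, which is why both are needed to buy customers the time the post says they have to change their password.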

Comments

Janos Zinolz January 21, 2012

Another major retailer falling prey to vultures looking for the most satisfying haul. Thankfully, it sounds like based on the information that was compromised, any phishing attempts can at best be mediocre, and the worst thing to look out for are any moderately suspicious emails or account activity. Of course, now is as good a time as any to change up your passwords.

Hutch Rivers January 22, 2012

The start of the new year proves to be dim for Zappos. I just hope that their members did not use the same passwords to their bank accounts, email, PayPal, credit card, and other finance-based online accounts. If they did, chances are, most of their hard-earned money will also be gone.

This is the reason why I don’t use the same password to all my online accounts. I have different passwords for my Facebook, email, PayPal, bank, online forums, eBay, and IMs (Skype and Yahoo Messenger).
