Zappos, a popular internet shoe retailer, has informed its customers that hackers have bypassed the site’s security measures and accessed customer account information.
According to an e-mail sent to customers, the information included each customer’s name, e-mail addresses, billing addresses, shipping addresses, and the last 5 digits of the customer’s credit card. The company’s e-mail points out that the same information appears on receipts. The hackers were able to access customer passwords, but only in an encrypted, scrambled form.
The e-mail reassures customers that full credit card numbers and similarly sensitive information were not accessed or compromised in any way.
Finally, the e-mail advised customers to create new passwords for their Zappos account.
PCWorld reports that it is not immediately clear what went wrong, and what, if anything, Zappos could have done to prevent the attack. Until more information becomes available, it will remain difficult to determine whether Zappos deserves criticism for failing to adequately protect customers’ data. Security experts note that such breaches of security can persist for quite some time before they are discovered, and do not necessarily reflect any negligence on the part of the company.
Any suspected illicit activity, from high-profile hacking incidents such as this one to relatively common examples of online piracy, will fall under unprecedented scrutiny as the economic and social importance of the Internet continues to increase. New legal restrictions and sanctions have followed on the heels of the Internet’s growth, and those accused of violating these new measures face fines, jail time, and financial restitution.