SEATTLE ― Online shoe retailer Zappos told customers this weekend that it has been the victim of a cyber attack affecting more than 24 million customer accounts in its database.
The popular retailer, which is owned by Amazon.com, said customers’ names, e-mail addresses, billing and shipping addresses, phone numbers and the last four digits of credit cards numbers and scrambled passwords were stolen.
But it said the hackers had not been able to access servers that held customers critical credit card and other payment data.
“We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky,” Zappos CEO Tony Hsieh said in an email to staff which was posted on the company’s blog on Sunday.
“We are cooperating with law enforcement to undergo an exhaustive investigation,” he added.
Zappos said it was recommending that customers change their passwords including on any other website where they use the same or similar password.
The company, which is well known for its customer service, said due to the high volume of customer calls it is expecting it will temporarily switch off its phones and direct customers to contact via e-mail.