Two days ago I received the email all online shoppers fear: the dreaded “Sorry, but our security system has been breached and someone has accessed your personal details.” This single, often unavoidable error is something that can destroy the reputation of a company overnight, causing sales to plummet and making consumers think twice about shopping online. Fortunately, my card details weren’t accessed, yet my email, phone number, address and other bits might have been. See the key parts of the email Zappos sent me below:
First, the bad news:
We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).
THE BETTER NEWS:
The database that stores your critical credit card and other payment data was NOT affected or accessed.
Zappos is owned by Amazon, the company famed for its cloud storage. It is not yet clear whether Amazon was housing this data on its cloud facility or elsewhere, but if it was the former, this will be a major setback for consumer confidence in cloud storage. The good news here is that credit card details at Zappos are kept in a separate database, a wise move that other IT managers should take note of. Zappos also moved quickly to contain the damage, automatically resetting passwords and contacting customers with directions on how to set up new passwords.
It’s at times like this that ecommerce businesses need to sit up and take notice, asking themselves just how well protected they are against the threat of hackers. At the time of writing, no specific information regarding the hack has been released, but even when we know the cause, no doubt the hackers are one step ahead and working on a new, improved hack.