Zappos sent an email this week to its employees explaining the details of a recent security breach. An unauthorized person gained access to names, addresses, email addresses, the last four digits of credit card numbers and “cryptographically scrambled” passwords. They did not gain access to full payment information. Zappos is requiring password resets for all customer accounts.
Zappos, which Amazon acquired in 2009, has “Powered by Service” as its motto. It has a very loyal customer base, is consistently listed as one of the most customer-friendly online retailers, and tales of its above-and-beyond service have appeared many times in online and print media.
Sites such as Lifehacker have published articles on what to do, but at this point I think the advice offered by Zappos is the best to follow: update your password with them; know that Zappos will not ask for account information in emails (so any email soliciting such information is likely fraudulent); and if you use the same password across multiple sites, change it at those other sites as well, since a password stolen from one site will be tried against others.
Generally, it is good practice to use strong passwords for any site that holds your financial information, and to consider using one of the free mail services such as Microsoft’s Hotmail or Google’s Gmail, since both work hard to protect you from security threats. You can create an address that is specific to those sites and separate from your personal or work email, so that if a retailer’s customer list is stolen, the address that is exposed is not the one you use everywhere else.
As for passwords, you can customize each one so that it is both strong and unique to the site, so that if one site suffers a data breach you don’t have to change all of your passwords. For example, if you use a password like “Ilike44cows@” you could use “ilike44amzncows@” or something similar at Amazon. Length is not a problem here; a longer password is harder to guess. Choose something that means something to you but is unlikely to be guessed by a hacker working from dictionary words or lists of common passwords. Bear in mind that if one of these variants is exposed in the clear, the pattern becomes visible, so don’t make the site-specific part too obvious.
Popular sites are attractive targets for hackers, and even the most robust security program will have vulnerabilities. To protect our personal and financial security we have to do our part: use strong, unique passwords, read commercial emails with a skeptical eye and monitor our accounts for activity we don’t recognize.