Zappos website hacked; credit card database not affected, CEO says

By Andrea ChangStaff Writer

Jan. 16, 2012 10:40 AM PT

This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.

Zappos.com, the popular online shoe site, was the victim of a cyber attack by a hacker who gained access to part of the company’s internal network through one of its servers, Chief Executive Tony Hsieh said in an email to employees Sunday.

Hsieh said the Henderson, Nev., company was cooperating with law enforcement to undergo ‘an exhaustive investigation’ and that the database that stores customers’ credit card and other payment data was not affected or accessed.

‘We’ve spent over 12 years building our reputation, brand, and trust with our customers. It’s painful to see us take so many steps back due to a single incident,’ Hsieh said in a separate email to customers. ‘Over the next day or so, we will be training everyone on the specifics of how to best help our customers through their password change process now that their passwords have been reset and expired. We need all hands on deck to help get through this.’

The company said it would notify the more than 24 million customer accounts in its database about the incident and provide instructions on how to choose a new password; the company has already reset and expired existing passwords.

In the email to shoppers, Zappos said customers’ personal information -- including their name, email address, billing and shipping addresses, phone number, the last four digits of their credit card number and/or the cryptographically scrambled password on their account -- may have been compromised.

‘In order to service as many customer inquiries as possible, we will be asking all employees at our headquarters, regardless of department, to help with assisting customers,’ Hsieh said. ‘We have made the hard decision to temporarily turn off our phones and direct customers to contact us by email because our phone systems simply aren’t capable of handling so much volume.’

The company is directing customer concerns and questions to an internal Web page.

Zappos, which sells shoes and has since expanded to other retail categories, was bought by Amazon.com in 2009. The company has become known for its customer service and for its quirky company culture led by Hsieh -- including head-shaving events, impromptu parades around the cubicles and employee birthday pranks.

RELATED:

Amazon to buy Zappos

A conversation with Zappos CEO Tony Hsieh

Retail chains are embracing their online stores

-- Andrea Chang

Twitter.com/byandreachang

Top photo: Zappos’ company headquarters in 2010. Credit: Isaac Brekken / For The Times

Lower photo: Zappos Chief Executive Tony Hsieh. Credit: Isaac Brekken / For The Times

Technology Blog

Andrea Chang

Andrea Chang is a wealth reporter for the Los Angeles Times. She was previously a Column One editor, the deputy Food editor and an assistant Business editor, and has covered beats including technology and retail. Chang joined the paper in 2007 after graduating from the Medill School of Journalism at Northwestern University. She grew up in Cupertino, Calif.

Zappos website hacked; credit card database not affected, CEO says

Major Supreme Court case could upend California’s homelessness policies

A celebrated L.A. astrology influencer’s stunning fall from ‘healer’ to solar eclipse killer

‘The fairy dust fades away’: Why the people who play Disneyland’s costumed characters are unionizing

A ‘cold-blooded killer’ called Smiley haunted L.A. for 14 years. How he finally faced justice

Opinion: USC got it wrong in canceling valedictorian’s speech. Here’s what the school should do now