
Zappos urging 24M to change passwords after breach

HENDERSON, NV (FOX5) -

Las Vegas area-based online retailer Zappos said a security breach exposed more than 24 million customer records.

The web marketplace with offices in Henderson said the system that houses customer names, phone numbers, credit card information and scrambled versions of customer passwords was compromised.

Zappos CEO Tony Hsieh notified customers by email, asking them to create a new password for their accounts.

A copy of that email and Hsieh's message to employees was posted on the company's website.

"We've spent over 12 years building our reputation, brand, and trust with our customers," Hsieh said in his email. "It's painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers' critical credit card and other payment data was not affected or accessed."

Information security analyst company Data Clone Labs said late Sunday that the breach is serving as a reminder for consumers to use different passwords for the different accounts they hold.

"Many online shoppers use the same password for multiple sites," said Ira Victor of Data Clone Labs. "This means the Amazon or Facebook password may be the same as the banking password, and the password for workplace email."

Victor cited published studies indicating that cybercriminals are aware that passwords are very commonly reused.

Victor said, though, that just because a system is breached doesn't mean data is stolen.

Data Clone Labs, which is also based in Las Vegas, offered the following reminders when it comes to online information protection:

1. It does not matter if you are on a computer, smart phone or tablet.

2. Just because the site says "secure," that does not mean that your password cannot be easily stolen.

3. Username/password pairs alone are not enough to protect information. It's too easy for a cyber criminal to steal them from your computer, smart phone, tablet, or the system you connect to.

4. Customers need to pressure online sites, online banking, and others to offer so-called one-time password systems (OTP). These simple, low-cost systems add an additional "factor" (like a special USB device) to a username and password. Good OTP systems permit customers to just remember one short PIN for accessing multiple sites and confidential information.

5. A less secure alternative to OTP systems: Use a unique 12-character password, with upper case/lower case letters, numbers and punctuation for each site. For most people, this is very difficult, and the cyber criminals know it.


Copyright 2012 KVVU (KVVU Broadcasting Company). All rights reserved.