Online shoe retailer Zappos was hacked over the long weekend, and as many as 24 million customers’ data were stolen, according to an email the company sent out to its customers.
They wrote that the hackers may have accessed one or more of the following pieces of data: “your name, email address, billing and shipping addresses, phone number, the last four digits of your credit card number…and/or your cryptographically scrambled password (but not your actual password).”
So, it’s not enough to wire the contents of your bank account to some computer geek in Minsk, but that’s a lot of information nonetheless. As a precaution, Zappos reset all customer passwords as it alerted people to the breach.
If you got this email, you’re likely wondering what you should be doing now. Here are a few tips:
1. First, change your Zappos password like they asked you. Then, if you can recall what your Zappos password was before it was automatically reset, change the password on every account that shares this password, especially your email.
Whoever did this already has your email address and a scrambled version of what could potentially be your email password, and you certainly want to avoid letting them have access to your email.
That would give them access to virtually any login you have anywhere else, simply by claiming to have lost the password and opening the email containing the new login information.
2. Change all the passwords you have to sites that keep your sensitive information — email, banking, eBay, PayPal, online retailers and the like — so that there is variety between them, if there isn’t already. The way things are going, it doesn’t appear that these security breach incidents will become any less common, and it’s best to not put all your accounts in peril if just one of them falls to hackers.
You’re likely better off with all your passwords written down somewhere secure in your home or simply being forced to constantly admit you’ve forgotten your password, than if you keep the same password across several accounts.
3. Beware phishing schemes. Now that the hackers have your email address, your street address, and the last four digits of your credit or debit card number, with the help of a decent Belarusian web designer, they might be able to trick you into believing they are someone they are not.
Typically, only those with whom you have already conducted business will have access to your street address and last four digits, which can lull you into a false sense of comfort with emails containing these data. Recall, though, that very few online businesses will actually send an email asking you to provide your password or credit card information.
If you click any links in an email, be wary and check that the URL matches the site the page’s design presents itself as.
Until then, stay vigilant. And consider shopping locally. Zappos provides excellent service, but there’s nothing quite like actually trying a pair of shoes on in person to know what you’re getting yourself into. If you spend cash, the likelihood that your information gets stolen is pretty close to zero, based on our calculations.