Amazon-owned retailer Zappos.com hacked
Up to 24 million customers are affected in one of the bigger hacks of the past 12 months.


Amazon-owned clothing retailer Zappos.com has been hacked, with up to 24 million customers affected.
The company has been forced to reset customer passwords after names, email addresses, billing and shipping addresses as well as the last four digits of credit card numbers were compromised.
Password hashes were also taken in what appears to be the biggest public data breach of 2012 thus far.
The database storing customers' critical credit card data has not been accessed, however.
Non-US customers are currently blocked from accessing Zappos.com's statement on the company blog, but an email explaining the breach is circulating the web.
"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," said Tony Hsieh, CEO of Zappos.com, in an email to employees.
"We are cooperating with law enforcement to undergo an exhaustive investigation.
"We have made the hard decision to temporarily turn off our phones and direct customers to contact us by email because our phone systems simply aren't capable of handling so much volume."
The email sent to users outlined what data may have been stolen and explained how to obtain a new password.
"We also recommend that you change your password on any other web site where you use the same or a similar password. As always, please remember that Zappos.com will never ask you for personal or account information in an e-mail," the email read.
Graham Cluley, senior technology consultant at Sophos, said it was an "ugly situation" for Zappos.com.
"One imagines that the decision to block access to the blog entry is to prevent it becoming overloaded with traffic - but, seriously, how hard is it to host an important message like this on another trusted site?" he added, in a blog post.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.