Zappos Online Shoe Store Hit By Hackers

Zappos.com, attacked by hackers, has reset the passwords of 24 million customers.

There are a few jokes going around the web already - they're nipping at our heels, they've caught them flat-footed, etc. - but this really isn't funny. It appears that hackers who attacked Zappos, the giant online shoe store, may have gotten their hands on customers' names, email and billing addresses, phone numbers and the last four digits of their credit cards.

Zappos.com claims it's not a crisis for customers because the hackers didn't get full credit card numbers or passwords. But it's a reminder of how busy the hacking business is, and what a pain it can be for companies and their customers.

Zappos CEO Tony Hsieh put out a message Sunday night saying the company is getting in touch with all 24 million customers who have accounts. It's already deleted their current passwords and is sending instructions on how to create new ones. (If you're a Zappos user, the place to go for password changes is here.)

"We've spent over 12 years building our reputation, brand, and trust with our customers," Hsieh wrote in a message to employees. "It's painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers' critical credit card and other payment data was not affected or accessed."

Beyond that, the company declined comment. It would not say whether 24 million customers' files had been breached, only that it's reset 24 million passwords.

Zappos has often been cited as a customer-relations success story. By offering free shipping both of purchases and returns, it made it a very low-risk proposition for people to buy things online. Other e-commerce retailers have copied its model. It's now having to practice crisis management.

Hsieh's message included some standard advice: "We also recommend that you change your password on any other web site where you use the same or a similar password." Smart hackers may not be defeated by a mere password, but why make it easier for them?

In the border next to Heieh's post was a box: "Shop with Confidence. Shopping on Zappos.com is safe and secure. Guaranteed! You'll pay nothing if unauthorized charges are made to your credit card as a result of shopping at Zappos.com."