Supposedly, they lost this information: Name, address, email address, phone, and last four digits of their credit card account.
Two questions - how did it happen and what should a consumer do?
1) Seemingly the hacker(s) got into through a server in Kentucky. Whether they knew a person who worked there, or could guess what his/her password was, they were able to get through the firewall. The question is generally "Not if a company can be hacked, but when it is hacked". If somebody wanted to hack into my online accounts enough, I'm sure they can do it.
2) When you get notification that you have been hacked; change your password online as soon as possible; then (generally) the company should give you credit card monitoring (Experion, TransUnion and Equifax) for a period of time - take advantage of that - check your account monthly. It might be that no action will occur for a few months, then the hackers will take out new credit cards, buy items, etc. on your account(s).
In this case, they also (supposedly) got the email addresses - that could be a massive phishing effort - with fake Zappos accounts. I can see "Dear Zappos Customer. Our system was hacked and we need to verify your account - go to http://fakezapposite.com and enter your Zappos account number and credit card number" it could be massive!!!
No comments:
Post a Comment