January 18, 2012
After 24 million shoppers’ accounts at e-commerce website Zappos.com were hacked, consumers are being urged to take steps to protect themselves, but Massachusetts state officials say there’s no complete defense against hackers.
“This is a criminal case,” said Barbara Anthony, the state’s undersecretary of consumer affairs and business regulation. “This is malicious. In a case like this, you can’t be 100% safe.”
Zappos CEO Tony Hsieh emailed customers Sunday about a hacked server exposing names, addresses, phone numbers, email addresses, partial credit-card numbers and “cryptographically scrambled” passwords.
“Close that credit-card account and reopen a new one. You don’t want to fool around with that,” Anthony said, adding that victims should set up a fraud alert with a credit reporting agency. “The information stolen was serious. With that information, it is possible to get new credit in your name.”
Chris Eng, vice president of research at Burlington security company Veracode, recommended using unique passwords for different websites. “You want to make sure you change your passwords on any other website where you use the same password, especially if it’s associated with the same email address,” Eng said.
Eng was among the 24 million but said Zappos responded well by resetting all passwords. “Usually, when a breach happens, they’ll urge but not force customers to change their password,” he said. “This was a good move on their part.”
Boston University student Mike DeFilippis, 20, also received the Zappos email. “Zappos has legendary customer service,” he said. “So it seems unusual to get that from them.” DeFilippis said he trusts Zappos and will continue to use it—unlike Sony, whose 2011 PlayStation Network breach also exposed his personal information.
No comments:
Post a Comment