You shopped at Zappos: Now what?
A security breach may have exposed 24 million customers to the threat of identity theft. Here's how to protect yourself when you buy shoes or anything else online.
You can bet that Lisbeth Salander wasn't behind the hacking that compromised personal information of 24 million Zappos and 6pm customers through a company server in Kentucky. Fans know the mysterious Swede with the dragon tattoo hacks only for truth and her brand of justice. The folks who gained access to customers' names, regular and email addresses, phone numbers, last four digits of credit cards and/or "cryptographically scrambled" passwords were crooks. (Oh, yeah, and Salander is a fictional character, but let's not sweat the details.)
The security breach at Zappos and affiliate 6pm is yet another reminder about how vulnerable our personal information can be. Many of us shop in the online marketplace, so how do we best protect ourselves?
Before you panic, Zappos says complete credit card and other payment information was not accessed.
Here are steps to take with your Zappos (or 6pm) account:
- Create a new password. Your old password has been retired, just in case the bad guys can break the encryption. If you're one of the 24 million, you'll get an email from Zappos or 6pm telling you to do this. Go to the Zappos website (or 6pm's) and click on the "create a new password" link.
- If you've used your old password somewhere else, change that one too, Zappos says. Using the same password at two different sites is a huge no-no if you want to protect yourself from ID theft. But Zappos knows how lazy or unknowing people can be. It's a pain, but you need a unique and complex password for each site where you're sharing personal financial information.
- Look for updates at this Web page. You can also email Zappos, but don't try to call. They disabled the phones temporarily because the system couldn't have handled the anticipated volume of calls.
Here's what else to keep in mind no matter where you shop online:
When there's a security breach, crooks may try to target victims with email purporting to be from a legitimate company and asking you to click on a link and share more personal data. That email could be very convincing because they already know so much about you. Wrote John Fontana at ZDNet:
Imagine being contacted about an account six months after a breach by someone who had the last four digits of your credit card, your name and your address.
"I would find it really hard to immediately be suspicious of that," said (Fred Cate, director of the Indiana University Center for Applied Cybersecurity Research), who specializes in privacy, security, and other information law issues. "Those are all the indicators we teach people to know that a legit person is trying to contact them."
Thus, you have to maintain your vigilance. Zappos said, "As always, please remember that Zappos.com will never ask you for personal or account information in an e-mail." Neither will the IRS, the FBI, your bank or any other reputable business.
- Be proactive and change your passwords regularly. Make them strong, using a combination of letters, numbers and symbols. Avoid obvious passwords like the name of your cat or the two most popular passwords of 2011 -- "password" and "123456."
- Monitor your bank and credit card accounts, and use AnnualCreditReport.com to pull a free credit report yearly from each of the big three credit bureaus.
- If you have reason to think your credit card number has been compromised, call your card company.
- If you think any of your personal information has fallen into the wrong hands, you can put a fraud alert on your credit reports. Another possibility is a credit freeze, but that's not appropriate for everyone.
- Shop only at reputable websites, and look for "https" in the URL when you're placing an order.
Companies have to constantly work to stay a step ahead of cyber crooks. You also have to do your part.
Havanai asks what is the answer?
The answer is use a program like Roboform to remember all of your passwords. You only have to remember the one password to use Roboform and you only use that password on your own computer, not on the internet.
For the poster who thinks it is safer to not shop online: Every day store clerks, waiters, etc. are ripping off credit card info when they take your credit card to process the payment. In the store they get the whole credit card number along with the security code on the back, the expiration date and are able to copy your signature. Crooks do not limit where they practice and there are many more crooks that are not smart enough to hack the internet but smart enough to get a sales job or wait tables.
Check out programs like LastPass. You come up with 1 really, really good password and use it for LastPass. Inside LastPass you store your passwords for all websites. Since you don't have to remember them, you can make them very random ( = secure). Also, make sure your security questions have sufficiently private answers.
One day they are going to tap into the wrong people and they will wish they were behind bars for their own safety. Why does anyone want to buy online when it is as easy to go to a store, and get what is needed (for the most part), and use real currency? The chance of getting robbed is much higher on the internet than in most towns. Besides that, you don't have the business disconnect their phones for a day because the 'system can't handle the stress', you have living breathing people doing transactions with you and it makes jobs in your community not off somewhere in a warehouse. The internet is fine for talking to friends, playing games and the like, but that is it. It is and never will be safe. Notice, they're trying to sell some new passwordless system based on typing speed, and a bunch of bs (considering I might type 120 wpm, then type 20 depending on multitasking, so whoever thought that up is an idiot)... anyway, how many of you have noticed that every time there is a breach, they're selling something to make things secure (or can it be that the targeted victims are actually pawns in the sale game of internet paranoia)?
Copyright © 2013 Microsoft. All rights reserved.