

Horizons

Zappos hacked: What did we learn?

Lessons learned from the recent Zappos hack. 

By Matthew Shaer / January 17, 2012


On Sunday, Zappos CEO Tony Hsieh acknowledged that his company – a subsidiary of Amazon – had been hit by hackers, who managed to gain access to personal records for approximately 24 million shoppers. "We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," Hsieh wrote.


He stressed that Zappos was cooperating with law enforcement; exact details on the nature of the breach have not yet been disclosed. 

So what have we learned from the Zappos fiasco? Well, for one thing, we're reminded yet again that even big companies are vulnerable to attacks. "It’s disturbing," tech analyst – and recent online fraud victim – Barbara Scott told the New York Times today. "Companies have to do a better job protecting our privacy. You would think companies like eBay and Amazon have the financial backing and wherewithal to take the proper security measures."

Of course, as Scott hints, Zappos isn't the only major company to be hit by hackers – only the most recent. And with e-commerce occupying an ever-larger part of our daily lives, it's safe to say that we'll see at least a few more high-profile hacks in coming months. Which brings us to our second question: How did Zappos handle the breach? 

Actually, pretty handily, according to most analysts. Over at Information Week, Matthew J. Schwartz runs down the eight lessons learned from the Zappos breach, including the importance of a detailed response plan. Schwartz quotes Tomer Teller, a security researcher at Check Point Software Technologies, who says Zappos "should be commended for alerting their customers in a timely fashion." 

Not that everyone is completely enamored with the reaction from Team Zappos. "Disappointingly, there is no mention of the security breach on the front page of the Zappos website – one platform you would imagine they would use to inform their customers that there was a security problem of which they should be made aware," writes Graham Cluley, an analyst at Sophos.

As for lessons, there are plenty to be learned, but perhaps chief among them is this: Change your passwords. A lot. "Typically people use one password to get into a number of systems," notes ABC analyst Brad Garrett. "And so as a result if you have someone’s password, you could easily compromise other accounts they have at other locations."
