A cyberthief tiptoed into the virtual world of retail shoe giant Zappos and ripped off 24 million customer names, e-mail addresses and phone numbers, the company said yesterday.
The hacker also grabbed billing and shipping addresses and the last four digits of customer credit cards — but not the full account numbers, CEO Tony Hsieh told Zappos employees in a company-wide e-mail.
Zappos had earlier e-mailed customers, telling them about the hacking and asking them to change their passwords.
A company server in Kentucky was the hacker’s point of attack, Hsieh said.
“We’ve spent over 12 years building our reputation, brand, and trust with our customers,” Hsieh wrote to employees.
“It’s painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers’ critical credit card and other payment data was not affected or accessed.”
Rob Holmes, CEO of high-tech detective agency IPCybercrime.com, said he doesn’t believe Zappos customers’ identities are in danger of being stolen. But they should brace for an increased run of spam.
“The individual isn’t the value here — it’s the list that’s the value,” Holmes told The Post.
The cybersleuth explained that these stolen e-mail addresses and names will be a hot commodity in the shadowy world of spam middlemen — businesses that buy information and peddle it to online retailers.
“This could be the greatest spam list ever compiled,” Holmes said.
“We’re talking about 24 million vetted Zappos customers. You know their names and addresses and that they’re willing to shop online.”
Zappos, with its distinctive white boxes and blue footprint logo and emphasis on customer service, has become one of the nation’s hottest cyber-retailers. Amazon bought it for $1.2 billion in November 2009.
Corporate communication and branding experts said they don’t expect publicly traded Zappos to suffer much when markets re-open this morning.
“If it [cyberattacks] happens to countries, to governments, to the CIA, it can happen to a shoe retailer,” said branding guru Allen Adamson, managing director at Landor Associates.
“It’s such a loved brand. They have enough good will in the bank to get by this.”
Paul Argenti, a corporate communications professor at Dartmouth College, said customers have grown accustomed to cyberthieves hacking into businesses.
“So many people are used to this now. I honestly don’t think it’s a big deal, if they [Zappos] handle it well,” Argenti said.