Zappos.com Internal Server Hacked

Consumers who have ordered from the popular online shoe retailer Zappos.com are being told to change their account passwords after a hacker successfully penetrated one of the company's servers over the weekend.

The company said the server that contains customers' credit card information was not compromised. Zappos.com CEO Tony Hsieh said the company is cooperating with law enforcement officials who are investigating the security breach.

"We've spent over 12 years building our reputation, brand, and trust with our customers,” Hsieh said in an email to Zappos.com customers. “It's painful to see us take so many steps back due to a single incident."

Password reset

Hsieh said the company has reset customers' passwords, to prevent any unauthorized access to accounts. He said it may take a few days to get the staff trained to assist consumers with the process of setting up new passwords for their accounts.

Zappos.com has more than 24 million consumers in its database. The company said customers will soon receive an email from the company with instructions for setting up a new password. The company said it would press all employees into service to help with the process.

Sensitive data

While the hackers apparently did not get credit card numbers, they did gain access to other sensitive data. The company says the compromised server, located in Kentucky, contained email addresses, billing and shipping addresses, and telephone numbers.

Despite the precautions about passwords, it is believed the hackers did not gain access to actual passwords, but an encrypted version of passwords.

Zappos was founded as an online shoe retailer in 1999 and was acquired by Amazon.com in 2009.