Zappos suffers breach, resets customer passwords

Zappos, a leading retailer and Amazon subsidiary, is the latest big name brand to suffer a major online security breach. Although the full scope of the attack remains under investigation, more than 24 million customers could be affected by the incident.

In an open letter to customers posted by Zappos chief executive officer Tony Heisch, the company delivered a mixed message of both disappointment and optimism.

"We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password)," Heisch explained. "The database that stores your critical credit card and other payment data was not affected or accessed."

As a precaution, Zappos administrators have voided all passwords on the site and directed customers to establish a new set of login credentials. After having their trust in the company shaken, it may be wise for shoppers to take advantage of the enhanced online security protections offered by a password organizer tool, experts say.