From CNN Money – 24 million accounts accessed. CEO states no credit card data exposed. They state the hack gave access to part of their internal network and systems, yet the server that was hacked was based in Kentucky. I thought Zappos operated out of Nevada?
The article detracts from the fact that they were hacked, period. Regardless of whether customer data or credit card data was taken, they were vulnerable enough to be hacked. Does that give the customers a vote of confidence that they are secure?
Was that last statement a little harsh? Depends on which side of the fence you are looking from. I see it as a good thing that the attackers didn’t get further, but I can’t help but think that it was a starting point. We all know it only takes one person inside the company to make us vulnerable, and chances are it isn’t malicious; the vulnerability that person unwittingly creates is what allows the hack to occur.
Was a patching / maintenance window pushed for some reason or other? Or – were bad practices involved? We don’t know the answers; we just see the headline “Zappos Hacked”. The hackers got to the last four digits of credit card numbers – perhaps that is a staged database used for testing? Again, who knows, right?
You have to wonder where the fine line is for giving out information about being hacked. Not the method, just what, when, etc. Since the damage is done, how do you negate that and recover?
I’m guessing there’s a lot of work going on in Zappos right now – forensics – rebuilding – double checking. It’s sad, since they have done so well up to now. How bad is the fallout going to be? I’m keeping an eye out but my thought is they will recover, since their reputation has always been good and valued.
