Zappos Breach Illustrates the Need for Stronger Password Rules

January 17, 2012

By: Fahmida Rashid, eWeek

The latest breach at online clothing and apparel retailer Zappos.com highlights the importance of password security, according to security experts.

Cyber-attackers breached one of the company's servers in Kentucky and accessed "one or more" pieces of personal information, including customer names, email addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers, and user passwords, Zappos.com CEO Tony Hsieh said in a Jan. 15 email sent to employees and customers. Hsieh said credit card data was stored in a separate database and was not breached. The passwords were "cryptographically scrambled," Hsieh said.

While Zappos.com immediately reset the passwords for all customers and quickly communicated with employees and customers about the breach, security experts said the company should have provided additional information.

"An appropriate response includes more detail of 'how did they get in, where did they go and what was accessed, seen, and removed from the network?'" Alan Hall, security expert and director at Solera Networks, told eWEEK.

Kurt Baumgartner, a senior security researcher at Kaspersky Lab, agreed, noting that Zappos "did the right thing" by clearly communicating what data was accessed and what was not, all of which should be "standard, timely stuff" for breach notifications.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
