After the Christmas sales, Zappos.com got a surprise. The clothing and shoe retailer, purchased by Amazon in 2009, was targeted by hackers, who obtained data on millions of its customers, such as names, telephone numbers, e-mail addresses, billing information and even sensitive information like part of their credit card numbers.
The attackers got into the system through the user passwords, which were cryptographically scrambled. The hash function, used as a good security practice, is a kind of cryptographic protection that is usually effective against malicious attacks, but this time the hackers' skill allowed them to breach the internal system.
Although the crisis could have ended far worse, the Application Security Engineer hired by Zappos.com prevented the attackers from reaching the full credit card information. CEO Tony Hsieh reported that the secure database that stores our customers’ critical credit card and other payment data was not affected or accessed, meaning the hackers got only the last four digits of the credit cards.
The company handled the attack immediately, e-mailing its customers to let them know about the incident and the steps to follow to create a new password, since the former ones had been expired and reset for obvious security reasons.