Zappos hacked: What did we learn?

Lessons learned from the recent Zappos hack. 

Photo: The Zappos shipping center in Kentucky. (Reuters)

On Sunday, Zappos CEO Tony Hsieh acknowledged that his company – a subsidiary of Amazon – had been hit by hackers, who managed to gain access to personal records for approximately 24 million shoppers. "We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," Hsieh wrote.

He stressed that Zappos was cooperating with law enforcement; exact details on the nature of the breach have not yet been disclosed. 

So what have we learned from the Zappos fiasco? Well, for one thing, we're reminded yet again that even big companies are vulnerable to attacks. "It’s disturbing," tech analyst – and recent online fraud victim – Barbara Scott told the New York Times today. "Companies have to do a better job protecting our privacy. You would think companies like eBay and Amazon have the financial backing and wherewithal to take the proper security measures."

Of course, as Scott hints, Zappos isn't the only major company to be hit by hackers – only the most recent. And with e-commerce occupying an ever-larger part of our daily lives, it's safe to say that we'll see at least a few more high-profile hacks in coming months. Which brings us to our second question: How did Zappos handle the breach? 

Actually, pretty handily, according to most analysts. Over at Information Week, Matthew J. Schwartz runs down the eight lessons learned from the Zappos breach, including the importance of a detailed response plan. Schwartz quotes Tomer Teller, a security researcher at Check Point Software Technologies, who says Zappos "should be commended for alerting their customers in a timely fashion." 

Not that everyone is completely enamored with the reaction from Team Zappos. "Disappointingly, there is no mention of the security breach on the front page of the Zappos website – one platform you would imagine they would use to inform their customers that there was a security problem of which they should be made aware," writes Graham Cluley, an analyst at Sophos.

As for lessons, there are plenty to be learned, but perhaps chief among them is this: Change your passwords. A lot. "Typically people use one password to get into a number of systems," notes ABC analyst Brad Garrett. "And so as a result if you have someone’s password, you could easily compromise other accounts they have at other locations."
