The online retailer Zappos has notified customers that some of their account information may have been accessed by hackers who breached the company's computer system.
In a letter posted to its website, Zappos chief executive Tony Hsieh said the company was "recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky." Hsieh said the company was cooperating with an investigation by law enforcement.
In an email sent to the company's more than 24 million customers, Zappos said:
We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).
The e-mail said the database that stores customers' credit card and other payment data was not affected.
Zappos said customers should reset their passwords on Zappos.com and any other website where they use a similar password. The company also warned customers that hackers may use their information to trick them into revealing more sensitive data.
"Please remember that Zappos.com will never ask you for personal or account information in an e-mail," the e-mail said. "Please exercise caution if you receive any emails or phone calls that ask for personal information or direct you to a web site where you are asked to provide personal information."
Founded in 1999, Zappos is the largest seller of shoes online, generating a loyal customer base with its large selection and its policy of offering free shipping and returns. The company, based in Henderson, Nev., was sold to Amazon.com in 2009 for about $850 million.