Online shoppers' personal information hacked

January 17, 2012 4:11:34 PM PST
One of the most popular shoe selling websites has been hacked. Up to 24 million customers had their personal information comprised.

There is good news and bad news for Zappos customers. First, hackers were able to get names, addresses and phone numbers, but they did not get your full credit card number.

Shopper Laura Kelleher says there is a lot to like about

"They tend to have a good selection and a lot more different models and sizes than some other websites," she said.

But Kelleher's shoe purchase has just put her personal information in the hands of hackers who were able to get the names, addresses, shipping addresses and phone numbers and Zappos passwords of 24 million customers.

"It is definitely worrisome, because I shop online a lot actually," Kelleher said. "You don't think about it, you don't worry about and then your information gets out there."

Fortunately for Kelleher and everyone else, Zappos officials say full credit card numbers were not accessed by hackers, just the last four digits on cards used to make purchases. Still, Internet security experts say this was a major data breach.

"That is serious and significant," said Katherine Cabaniss with Crime Stoppers. "It could always be worse. Thankfully there was not more information that was able to be hacked."

Cabaniss says Zappos customers should do one thing right now.

"The best defense to identity theft is your own eyes, your own eyes by keeping an eye on your bank statement and your credit card statement every month and every day, if possible," she advised. "It's the best way to protect yourself when this kinds of thing happens."

Cabaniss says consumers can take steps now to limit the damage done from a future website cyber attack.

"We absolutely recommend that you have a separate email address that you make online purchases through. That email account is dedicated solely for that kind of activity," Cabaniss explained. "Secondly, we recommend that you have a credit card that is only used for online purchases and nothing else."

Some Zappos customers who used debit cards to make their purchases tell us they have called their bank to get the cards reissued with a new number.

Zappos has yet to say how this happened, but cyber experts say this sort of thing will continue to be a problem for online retailers.

There's not much hackers can do with the customer information they have in terms of charging your credit card, but if you use one password for everything, you should change them because password data was taken and it could be used to figure out passwords of other online stores where you shop. Experts advise you to set different passwords for every site.