Turns out that the popular online shoe and clothing retailer was attacked by cybercriminals who gained access to parts of the internal network through one of the servers in Kentucky. One Sunday, Tony Hsieh, CEO of Amazon-owned Zappos wrote on the company blog that 24+ million customers were affected, but critical credit card and other payment data was not affected or accessed. The hackers failed to get payment card numbers, because that data is encrypted, as required by the Payment Card Industry Data Security Standard.
The company sent an email to every one of their customers explaining the situation including what information was stolen: Customer name, email address, billing and shipping addresses, phone number, the last four digits of customers’ credit card number, and/or cryptographically scrambled passwords.
Zappos took swift action by expiring and resetting passwords, and they set up a password change webpage for customers to create new ones. “We also recommend that you change your password on any other web site where you use the same or a similar password,” the email sent to affected customers states.
As a result of stolen credentials, phishing attacks that try to steal sensitive information like social security numbers or lead you to a website that attempts to install a virus, are more likely. “As always, please remember that Zappos.com will never ask you for personal or account information in an e-mail,” the blog statement says. “Please exercise caution if you receive any emails or phone calls that ask for personal information or direct you to a web site where you are asked to provide personal information.”
avast! EasyPass is a fast, easy way to manage all your passwords. avast! EasyPass generates strong, unique passwords for every site you visit – with just one click. The best part is that you access your passwords using one Master Password, so you don’t have to remember lots of passwords. Learn more about avast! EasyPass.
You’ve probably seen applications for generating passwords. For those who have not, this is how the process actually works:
- application for generating passwords is downloaded
- user runs the application and presses the “generate” button
- a string appears that looks something like this: I8kjH9s&ER1()G
- this string is used as a password for his Mail / Facebook / Twitter / …
And now, the user has two options:
- he’ll forget his new password immediately
- to ensure that the new password is not forgotten, he’ll write it down on a sticker and put it on the computer monitor. If the user has other computer-generated passwords, he will place this “my email” sticker on top of the existing stickers.
So what’s the deal? Why am I telling you this? Because in a moment, we’re going to learn how to create secure passwords – and you’ll see that you are going to change passwords more often than you have previously. Because creating passwords can be fun.