PORTLAND, Ore. - Online shoe seller Zappos.com says a hacker may have accessed the personal information of up to 24 million customers.
Customers’ credit card and payment information was not stolen, but names, phone numbers, e-mail addresses, billing and shipping addresses, the last four digits from credit cards, and more may have been accessed, according to an e-mail that chief executive Tony Hsieh sent on Sunday to employees.
Zappos is contacting customers by e-mail and urging them to change their passwords.
Zappos said the hacker gained access to its internal network and systems through one of the company’s servers in Kentucky. Zappos is based in Las Vegas. It is owned by Seattle-based Amazon.com Inc.
“We’ve spent over 12 years building our reputation, brand, and trust with our customers,’’ Hsieh said in his e-mail. “It’s painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers’ critical credit card and other payment data was not affected or accessed.’’