Monday 16 January 2012

Zappos customer accounts breached

With online shopping hitting record levels of adoption this past holiday season, it may seem to many that we're on the brink of a golden age of online commerce. But a hacking incident suffered by Zappos just last night could give some wary shoppers pause before making that next Internet purchase.
The security breach was revealed on Sunday evening by Zappos CEO Tony Hsieh via Twitter and on the company blog.
"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," Hsieh wrote. "We are cooperating with law enforcement to undergo an exhaustive investigation."
Hsieh's message went on to stress that the database containing customer credit card and online payment information was not affected or accessed.


Too many of us use similar passwords for most of our online log-ins. It can be hard to juggle different passwords for the dozens of accounts we have.
But the Zappos breach is a great example of how dangerous that can be.
Using the information gleaned from Zappos accounts, the hackers may now have enough clues to gain access to a user's e-mail or other important accounts.
So while Zappos passwords may still be relatively secure, all those other pieces of information can offer clues to a user's password. That information can also be used to answer a weak set of security questions correctly.
That's why using the same password for something important like online banking and for a one-off retailer purchase like Zappos is very dangerous.
A good tip is to create passwords that are just nonsensical characters at websites that won't get daily use. If, say, you shop at Macys.com once a year, there's no reason to give that account a password similar to the important ones tied to daily destinations like e-mail or online banking.
It won't be a password you'll be able to remember, but when you have to log in next, just click the password reset button and have a link e-mailed to you.
Doing things this way means that all those accounts will always be as secure as your e-mail account, which should have a password unlike any other.
There's no way to stay perfectly safe on the Web, but these tips should go a long way to keep you secure.
