Others question the Zappos security approach. Gartner analyst John Pescatore, while noting he doesn't know if Zappos sufficiently protected its systems or not, said he finds the Zappos public response to be a good one so far, especially in terms of communicating publicly, adding "avoiding exposures of course is much better." Other analysts generally praised the Zappos response. However, phishing attacks to try and steal more customer information are also a possibility. He says the motivation for the attack is probably to gain information to sell to competitors on the black market. The Zappos decision to terminate customer password access creates a situation that makes it appear "it's a panic mode" and would likely create a sense of panic. Overall, the Zappos response strategy is "not a good idea," contends John D'Arcy, assistant professor of information technology at the University of Notre Dame. Zappos says the attacker likely gained access to customer name, email address, billing and shipping addresses, phone numbers, the last four digits of the customer card numbers and the customer's "cryptographically scrambled password." But other payment data, such as full credit-card and payment information, is not believed to have been accessed by the attacker. So far, analysts and customers have a mixed reaction to the approach Zappos - now part of Amazon - has taken, which also included sending out an email notification on Sunday night to customers informing them of the breach. "Within the next hour, we will begin the process of notifying the 24+ million customer accounts in our database about the incident and help them through the process of choosing a new password for their accounts," adding that the existing customer passwords had been terminated.
These steps are all part of the breach response strategy undertaken last Sunday as Zappos CEO Tony Hsieh posted an open letter online to Zappos employees about a "cyberattack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky." In this open letter, Hsieh wrote, "The most important focus for us now right now is the safety and security of our customers' information. In acknowledging a data breach in which information related to as many as 24 million customers was stolen, online shoe and clothing retailer Zappos has taken assertive steps, including compelling customers to change passwords, plus temporarily foregoing 800-number phone service in an effort to redeploy customer-service representatives to respond to customer email.