Zappos CEO Tony Hsieh says a criminal gained access to certain parts of the network through one of the company’s servers in Kentucky. Names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers and/or the cryptographically scrambled passwords (but not the actual passwords) The company has taken action by expiring and resetting passwords and asking customers to create new ones. The database that stores customers’ critical credit card and other payment data was not affected or accessed.”]
Source: https://www.cuinfosecurity.com/zappos-breach-affects-24-million-a-4406