Twenty-four million accounts at Zappos.com have been hacked, according to notifications sent out to customers. According to the online shoe retailer, which is owned by Amazon.com, no credit card information was stolen; instead, it was personal data like names, addresses, phone numbers, and emails, as well as the last four digits of a credit card number (traditionally used for verification). While 24 million compromised accounts doesn't rank the Zappos attack all that high in terms of history's biggest hacks, it's pretty alarming if you're one of those 24 million getting that email.
So what do you do now? Look in your inbox for scams. "Phishing is the attempt to pretend to lure you - like for fish - except they're luring you to believe that they're the organization that you have the business relationship with," says Chester Wisniewski of the security firm Sophos. "So many users have probably received these types of emails pretending to be Facebook, or pretending to be Hotmail, saying that their password needs to be reset, and if you go there, it's a pretend one that's set up to get you to enter your username and password."
It's very likely that whoever stole these passwords will turn around and pretend to be from Zappos, asking those same customers to "verify" information. "We've been warning users not to click links from emails even if it appears to be a legitimate warning message from Zappos," says Wisniewski. "You should just go to Zappos.com and there's a large button in the upper corner of the screen that allows you to reset your password without clicking any links in email."
In other words: never click on a link in an email, especially if you have doubts about where it's really coming from. Besides that, says Wisniewski, "Limit the amount of personal information or websites that you store credit card information to begin with in case this happens to any other organizations you may do business with. And keep an eye for fraud on your credit report as usual. Having different passwords for each website really limits your risk. In this case, I was a Zappos customer, but I only used the password I used on Zappos there, so even if the criminals have it, they can't access any of my other accounts, and there are a lot of other great free tools people can Google that will allow them to do password management like that."
Yes, the new book from law professor Lori Andrews has a pretty alarming title: "I Know Who You Are and I Saw What You Did: Social Networks and the Death of Privacy." But her treatment of the subject matter strikes a fairly alarming tone as well. It's all about the ways social networks are being used for purposes that are anything but friendly and how we must take a new approach to learning about and managing these tools.
For instance, the legal system has been looking at social networks very closely. "It's coming into court in all sorts of problematic ways," says Andrews. "One injured woman sued after she had to undergo four surgeries, have pins put in her spine as a result of her accident, and the judge actually said her smiling photo on her MySpace page meant she couldn't possibly be harmed. So, our digital doppelganger is having more influence on our life than our actual physical self."
But if you're going to be on a social site, don't you ultimately have personal responsibility for your own presence there and to make sure you're being portrayed fairly and accurately? Or at least have your privacy protected from anyone who might judge you unfairly? "Part of it is the responsibility of the person," Andrews says, "but people don't really understand that benign things they are posting on Facebook or other social networks might have some impact against them."
Andrews proposes what she calls a Social Network Constitution to protect certain rights. "The right to connect, free speech, right to privacy and right to a fair trial," she says, "because, amazingly, jurors are now Googling pictures of the crime scene and some are actually posting the facts of the case on Facebook and asking their friends to vote up or down. So, you're supposed to be able to only decide cases based on the evidence you hear in the courtroom so the defense attorney has a chance to cross-examine the witness, but now people are using social networks, Twitter and so forth, to upend the right to a fair trial."