Featured Research

from universities, journals, and other organizations

Consumers should be vigilant in wake of Zappos cyberattack

Date:
January 18, 2012
Source:
Indiana University
Summary:
As an estimated 24 million Zappos.com customers begin receiving notifications that some of their personal data have been compromised, an expert is warning those affected to be on the lookout for targeted fraud attempts.

As an estimated 24 million Zappos.com customers begin receiving notifications that some of their personal data have been compromised in a massive cyberattack, an Indiana University cybersecurity expert is warning those affected to be on the lookout for targeted fraud attempts.

The recent announcement by Zappos that customer accounts had been compromised by an unknown attacker poses serious risks for consumers, according to Maurer School of Law Distinguished Professor Fred H. Cate.

Efforts by Zappos CEO Tony Hsieh to reassure affected customers of his online shopping site that "customers' critical credit card and other payment data was not affected," run the risk of misfocusing the public attention and understating the risk, Cate said.

"Credit cards are covered by a federal law that limits consumer liability in the case of fraud up to $50, and card issuers universally waive even that small amount," he said. "Compromised credit card data is not the major area for concern."

Instead, according to Cate, who also serves as director of the IU Center for Applied Cybersecurity Research, the data that were reportedly accessed in the Zappos breach -- customer names, addresses, phone numbers, email addresses and encrypted passwords, in addition to the last four digits of customer credit card numbers -- pose the greatest risk to affected individuals. That risk falls into three categories.

First, this information is precisely that used by fraud perpetrators to send fraudulent phishing emails purporting to come from legitimate businesses to individuals. "Think about it," Cate said. "If you get an email from a company that includes your correct name and contact information and refers to the last four digits of your credit card number, wouldn't you think it is real?

"In fact," Cate continued, "it is not at all clear how customers will be able to distinguish real messages from fraudulent emails claiming to come from Zappos itself."

Second, this is exactly the information necessary to locate other data about individuals in public and commercial records.

"If I have your name, address and phone number, in many states I can get your property tax records, marriage license and other publicly available information," Cate said. "With that additional information a criminal is in an even better position to commit frauds in your name or to access password-protected sites by using the extra information to answer password-reset questions."

Third, since the information included emails and encrypted passwords, this poses a serious risk to other online accounts held by affected customers of Zappos.

"Almost all consumers reuse passwords, and email addresses often serve as default account names for online sites, so depending upon the quality of encryption being used by Zappos, it is entirely possible that the perpetrators will have access to a wide range of online accounts," Cate said.

Fortunately, most major breaches do not result in extensive fraud. In addition, there are practical steps consumers can take to protect themselves, including:

-- Changing passwords on all accounts that used the same passwords compromised on the Zappos site. -- Using unique passwords on all online sites. -- Monitoring account, credit card and bank statements carefully. -- Paying special attention to emails received, especially those claiming to be from businesses for which the consumer may have used the same credentials.

For practical tips on setting strong new passwords, as well as other helpful cybersecurity tutorials, visit the Center for Applied Cybersecurity Research's Security Matters website at www.securitymatters.iu.edu.


Story Source:

The above story is based on materials provided by Indiana University. Note: Materials may be edited for content and length.


Cite This Page:

Indiana University. "Consumers should be vigilant in wake of Zappos cyberattack." ScienceDaily. ScienceDaily, 18 January 2012. <www.sciencedaily.com/releases/2012/01/120118122618.htm>.
Indiana University. (2012, January 18). Consumers should be vigilant in wake of Zappos cyberattack. ScienceDaily. Retrieved April 21, 2014 from www.sciencedaily.com/releases/2012/01/120118122618.htm
Indiana University. "Consumers should be vigilant in wake of Zappos cyberattack." ScienceDaily. www.sciencedaily.com/releases/2012/01/120118122618.htm (accessed April 21, 2014).

Share This



More Computers & Math News

Monday, April 21, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Nintendo Changed Gaming World, but Its Future Uncertain: Upstone

Nintendo Changed Gaming World, but Its Future Uncertain: Upstone

AFP (Apr. 19, 2014) The Nintendo Game Boy celebrates its 25th anniversary Monday and game expert Stephen Upstone says the console can be credited with creating a trend towards handheld gaming devices. Duration: 01:21 Video provided by AFP
Powered by NewsLook.com
Why Did Nike Fire Most Of Its Nike FuelBand Team?

Why Did Nike Fire Most Of Its Nike FuelBand Team?

Newsy (Apr. 19, 2014) Nike fired most of its Digital Sport hardware team, the group behind Nike's FuelBand device. Could Apple or an overcrowded market be behind layoffs? Video provided by Newsy
Powered by NewsLook.com
Nearly Two Weeks On, The Internet Copes With Heartbleed

Nearly Two Weeks On, The Internet Copes With Heartbleed

Newsy (Apr. 19, 2014) The Internet is taking important steps in patching the vulnerabilities Heartbleed highlighted, but those preventive measures carry their own costs. Video provided by Newsy
Powered by NewsLook.com
Facebook To Share Nearby Friends Data With Advertisers

Facebook To Share Nearby Friends Data With Advertisers

Newsy (Apr. 19, 2014) A Facebook spokesperson has confirmed the company will use GPS data from the new Nearby Friends feature for advertising sometime in the future. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

More Coverage


Zappos Breach Goes Beyond Credit Cards: Consumers Face Identity Theft If Hackers Correlate Other Penetrated Databases

Jan. 18, 2012 An expert comments on the Zappos web site breach by hackers. He said that information about a customer can be used to 'de-anonymize' other databases on other Web sites, further invading ... read more
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins