After Zappos hack, some online shopping safety tips to consider

From ConsumerReports.org.

Online shoe retailer Zappos.com has been targeted by hackers, company CEO Tony Hsieh reported on Sunday. Personal information—including e-mail addresses, names, phone numbers, and shipping addresses—for more than 24 million Zappos customers may have been compromised, Hsieh wrote in an e-mail to employees.

In an additional and separate e-mail to customers, Hsieh said:

“ The database that stores your critical credit card and other payment data was NOT affected or accessed.”

The attack against Zappos, a unit of giant online retailer Amazon, is still being investigated. As a safety precaution, Zappos has automatically expired passwords for its customers’ accounts, requiring returning users to create new log-in codes to access their accounts.

Here are some hints for safer online shopping:

• Never use the same password for multiple sites. Minimize the chance that a hacker can gain access to your other online accounts from the information cracked.

• Create and use separate e-mail addresses. Specific e-mail accounts for specific shopping sites—say, “MyAmazonAccount@gmail.com”—will limit your data exposure if only one particular online retailer gets hacked.

• Never use any part of your name or any other easily guessed word in your password.

• Use a strong password. These are phrases that are a mixture of letters and numbers. Substituting numbers for letters might help you remember your login a well—”pa55w0rd” instead of “password,” for example. Some websites will allow the use of symbols, such as ! and #, as well as distinguish letter cases. For more information, see: How to create a strong password (and remember it!)

For more ways on how to protect your information while surfing the Internet, see Consumer Reports’ Guide to online security.

—Paul Eng