On January 15, 2012, Zappos.com announced that their customer account information may have been compromised, including customer names, e-mail addresses, billing and shipping addresses, and phone numbers. CNN reports that this affects 24 million Zappos.com customers.
Fortunately, Zappos.com announced that customer credit card numbers were not compromised. Unencrypted customer account passwords were not compromised either, although the encrypted customer account passwords may have been. Zappos.com took the proactive steps of resetting all customer account passwords and recommending that customers change their passwords at other Web sites.
This is another reminder of how important it is to use a separate, strong password for each online account that you have. As I mentioned in previous postings, a recent study concluded that 75% of users had the same password for both their e-mail accounts and their social networking accounts. If hackers are able to obtain your username and password from one company, they may try the same username and password combination at other popular Web sites. For a detailed list of other reported data breaches, see the list at Privacy Rights Clearinghouse, a nonprofit consumer organization (at the time of this posting, they listed 2,841 publicly reported data breaches since 2005!).
I’ve previously written about ways to keep track of and securely store your important passwords and online account information. For online accounts, Microsoft recommends creating strong passwords of 14 characters or more with a combination of uppercase letters, lowercase letters, numbers, and symbols. It’s difficult to remember strong passwords, and it’s easy to make a typo when entering them. As I’ve mentioned before, there are tools that enable you to create and maintain an encrypted electronic list of passwords and online accounts on your smartphone or your computer, and these tools can integrate with your Web browser and automatically look up and enter your passwords for your online accounts. Examples include LastPass, KeePass, 1Password, RoboForm, and Keeper, among others.
Remember to let your family members and fiduciaries know where you keep your “master” password to unlock your encrypted electronic list of passwords and online accounts in case you become incapacitated or die, and make sure they know where your encrypted electronic list is kept too.