A large US online shoe and clothing retailer has admitted hackers made of with personal details of millions of customers.
Attackers hacked a server in Kentucky and grabbed databases with names, phone numbers, email addresses and hashed passwords - but not credit card or payment data.
Chief executive officer Tony Hsieh said in an internal email republished online but banned to international visitors, that Zappos.com had reset passwords for all 24 million customers and would email them to advise of the incident.
"...we will begin the process of notifying the 24+ million customer accounts in our database about the incident and help step them through the process of choosing a new password for their accounts," Hsieh said.
He advised customers to change passwords of all accounts that share their Zappos password.
The company shut off telephone lines and reverted solely to email in anticipation of a deluge of customer calls.
Amazon bought Zappos for US$1.2 billion in 2009. Amazon accounts were not affected.
A copy of the internal email sent to staff and customers is available on Pastebin.com (http://pastebin.com/9hrp7U7x).