Whistle-blowing the Zappos Hack

Colin notified Zappos on Thursday that there was a security issue with their site.  Check out the email thread…  It seems like they weren’t aware of the breach at the time.

On Thu, 12 Jan 2012 18:31:15 -0800 (PST), c….@gmail.com wrote:
(Sent from http://zeta.zappos.com – the Zappos of Tomorrow (today!))
Contact By: email

—– customer message to follow —–

Hi there,

My browser detects the log in fields on your site as insecure. – I proceeded against this warning and when I tried to check out none of my credit card or shipping info was present – this info has always been a part of my zappos account and I am suspicious why the site would ask for me to re-enter it.

Could you please have someone take a look at this?

Thanks,
-Colin

On Fri, Jan 13, 2012 at 5:54 PM, Zappos.com  wrote:

Hi Colin,

Thank you for contacting the Zappos VIP Customer Loyalty Team. I hope you’re having a fantastic day so far!

I am very sorry that we have worried you. Our awesome (and quite hunky) security staff will go to great lengths to ensure the safety of our customers’ payment information. Not only are we PCI compliant, not only do we encrypt connections using SSL technology, we also encrypt payment information traveling within our company as well so that even our employees can’t view it. Lastly, all payment information is encrypted while in storage within a network that is firewalled off from the rest of the company and the internet. We have even submitted a patent request for the unique and stringent way we’re protecting credit card data!

We saw some off and on hiccups with our site today and one of them was that information, both shipping and billing, was not appearing in accounts. It is not gone, for some reason it was just not displaying correctly. This has since been corrected and we should be good-to-go!

I hope this helps clear up any concern, Colin! Please let us know if there is anything else we can assist you with, we are in Las Vegas so the lights are never off!

Have a terrific day!

Your friend at Zappos,
Kelsey W.
Zappos Customer Loyalty Team

On Sat, 14 Jan 2012 08:46:49 -0500, “Colin O’Donnell” <c….@gmail.com> wrote:

Hi Kelsey,

Could you also have your security team look into the “Insecure Login field detected”? This error was produced by my chrome password manager extension
www.lastpass.com

I believe this warning relates to the page being SSL encrypted, but the login fields coming from another non-encrypted source. – I actually abandoned my shopping cart and will not proceed with the purchase (or future ones) because of this warning.

Thanks,
-Colin
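The condition Colin describes above (an HTTPS page whose login fields come from, or submit to, an unencrypted source) is what password-manager warnings of this kind look for, and it can be checked mechanically. The following is an added example, not code from the original thread or from Zappos or LastPass: it parses a page’s HTML for forms containing a password field and flags any whose resolved submit target is not HTTPS. The sample markup and hostnames are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class LoginFormAuditor(HTMLParser):
    """Collect every form on the page, recording its resolved action URL
    and whether it contains a password input."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []          # list of (resolved_action, has_password)
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A form with no action submits back to the page itself.
            action = a.get("action") or self.page_url
            self._current = [urljoin(self.page_url, action), False]
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current[1] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(tuple(self._current))
            self._current = None


def insecure_login_forms(page_url, html):
    """Return the submit targets of password forms that would send
    credentials over plain HTTP (or that live on a plain-HTTP page)."""
    parser = LoginFormAuditor(page_url)
    parser.feed(html)
    page_is_https = urlparse(page_url).scheme == "https"
    return [action for action, has_pw in parser.forms
            if has_pw and (not page_is_https
                           or urlparse(action).scheme != "https")]


# Constructed sample: an HTTPS checkout page with a login form that posts
# to an http:// host, a relative (safe) sign-in form and a search form.
SAMPLE_PAGE_URL = "https://shop.example.com/cart"
SAMPLE_HTML = """
<form action="http://login.example.com/auth" method="post">
  <input type="text" name="user"><input type="password" name="pass">
</form>
<form action="/signin"><input type="password" name="pw"></form>
<form action="/search"><input type="text" name="q"></form>
"""
```

Running `insecure_login_forms(SAMPLE_PAGE_URL, SAMPLE_HTML)` on the sample returns only the first form’s http:// target; the relative sign-in form resolves to https and is not flagged.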

———- Forwarded message ———-
From: Zappos.com <cs@zappos.com>
Date: Sat, Jan 14, 2012 at 9:56 AM
Subject: Re: Security concern
To: c….@gmail.com

Hi Colin,

Thank you for contacting the Zappos.com Customer Loyalty Team. I apologize for the delay in responding to your email.

I can see you are a VIP customer and it would be my pleasure to assist you!

I apologize for any confusion or inconvenience caused. Unfortunately, you may have received the error message because of compatibility issues with the Chrome browser on our site. I have heard of other customers having issues with our site when trying to use the Chrome browser, as well. You may want to try placing your order with another browser to see if you still receive the same error message.

For your reference, I’ve included a link which will direct you to our Zappos.com Safe Shopping Guarantee, Secure Shopping, and Privacy Policy. Please click the link below to view:

http://www.zappos.com/protecting-your-personal-information

I hope the information provided helps you. If you have any additional questions or concerns, please feel free to contact us at any time. We are here for you 24/7. Have a wonderful day Colin!

Thank you,
Kesh
Customer Loyalty Representative


Written by Stacey Levine

January 17th, 2012 at 9:14 am
