Zappos, the Amazon-owned shoe and apparel retailer, said late last week that more than 24 million of its customer accounts had been compromised.
Hackers were able to access Zappos customers' names, email addresses, addresses, phone numbers, the last four digits of credit card numbers and cryptically scrambled passwords.
Zappos reset the passwords for all the affected accounts and notified customers with instructions about how to create a new password.
"We've spent over 12 years building our reputation, brand, and trust with our customers," Zappos CEO Tony Hsieh said in a note to employees Sunday. "It's painful to see us take so many steps back due to a single incident."
Zappos customers may be able to quickly tighten up their user account at the shoe retailer, but the real danger lies in what other important web accounts carry similar information.
Too many of us use similar passwords for most of our online log-ins. It can be hard to juggle different passwords for the dozens of accounts we have.
But the Zappos breach is a great example of how dangerous that can be.
Using the details gleaned from Zappos accounts, the hackers may now have enough clues to gain access to a user's email or other important accounts.
So while Zappos passwords may still be relatively secure, all those other pieces of information can offer clues to a user's password. That information can also be used to answer a weak set of security questions correctly.
That is why giving the same password to something important like online banking and a one-off retailer purchase like Zappos is very dangerous.
A good tip is to create passwords that are just nonsensical characters at websites that won't get daily use. If, say, you shop at Macys.com once a year, there's no reason to give that account a password similar to the important ones tied to daily destinations like email or online banking.
It won't be a password you will be able to remember, but when you have to log in next, just click the password reset button and have a link emailed to you.
Doing things this way means that all those accounts will always be as secure as your email, which should have a password unlike any other.
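The advice above amounts to a small procedure: give every rarely used site its own throwaway string of random characters, and check that nothing important shares a password with a one-off retailer. The following Python is an added example written for this page, not code from Zappos or from the article's author. It generates such passwords with the standard library's cryptographic random source, reports how many bits of entropy they carry, and flags reuse across a constructed list of accounts; the site names and passwords in the sample are made up, and the 94-character alphabet assumes the site accepts every printable ASCII symbol.

```python
import math
import secrets
import string

# Assumption: the site accepts any printable ASCII character (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Return a random password drawn uniformly from `alphabet`.

    secrets.choice uses the OS cryptographic generator, so the result is
    not predictable from earlier outputs the way random.choice would be.
    """
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password of `length` symbols, in bits."""
    return length * math.log2(alphabet_size)


def reused_passwords(accounts: dict[str, str]) -> list[list[str]]:
    """Group account names that share a password.

    `accounts` maps a site name to the password used there. Every group
    returned has at least two sites, meaning a breach at one of them
    exposes the others; an empty list means no reuse.
    """
    by_password: dict[str, list[str]] = {}
    for site, password in accounts.items():
        by_password.setdefault(password, []).append(site)
    return [sites for sites in by_password.values() if len(sites) > 1]


# Constructed sample: the same password on email, banking and a shoe site.
SAMPLE_ACCOUNTS = {
    "email": "Summer2011!",
    "bank": "Summer2011!",
    "shoes": "Summer2011!",
    "macys": generate_password(),   # throwaway, reset by email when needed
}

if __name__ == "__main__":
    print("new throwaway password:", generate_password())
    print("entropy of 20 random chars: %.1f bits" % entropy_bits(20, len(ALPHABET)))
    for group in reused_passwords(SAMPLE_ACCOUNTS):
        print("password shared by:", ", ".join(group))
```

A 20-character password from this alphabet carries about 131 bits of entropy, far beyond anything an attacker could guess from a name, address or phone number; the point of `reused_passwords` is that the one-off retailer in the sample drops out of the reuse report while the three accounts sharing a memorable password do not.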