Scanning Twitter for responses to the Zappos breach, we have a few favourites that are awfully telling:
From @jjmartucci: I bet 99% of the stolen Zappos passwords were “shoes”. // Fact: most passwords are frighteningly easy to guess. We bet that those passwords aren’t “shoes” at all, but rather “password”, “abc123” and others from the list of too-often-used passwords. Alphanumeric passwords just aren’t as safe as we think they are.
From @dombenoit: receive @zappos email asking to change password after hack, can’t change password because i’m outside the US… good thinking guys.// Fact: American may be in the center of some poorly conceived maps, but it is not the center of the universe. Corporations, don’t forget that the majority of the world lives outside of the US, and they need customer service too.
From @kimfouroffive: In order to change my Zappos password I would have to remember my Zappos password and that’s not going to happen. // Fact: Tons of consumers rely on the “cookies” on their computer to remember their passwords. There’s no need to delve into all the reasons that’s poor practice. But let’s face it – many users either don’t remember their passwords, or they have them written on a post-it in their desk.
From @Kevbo1111: Wait, you’re telling me a company whose office looks like this, has lax security? #Zappos http://pic.twitter.com/pr9SrfCF // Fact: If we could see inside the workings of all the places that hold our ‘secure data’ we wouldn’t feel so secure.
From @Tuna999: Im confused, is that zappos security email real? // Fact: This is actually a very smart question, that many wouldn’t think to ask (or research before clicking through). A phishing attempt can look much the same, and confuse consumers into handing over their credentials to fraudulent sites.
From @justAK: Had someone try to acces my bank info a few times. Could this be cause of the #zappos #hacking ? I hope not. #worried // Fact: Too many users have the same password for all online accounts. It’s not hard to believe that hackers would use information from one site to try to access others.
From @andishehnouraee: Zappos hacked, “sensitive” customer info stolen. Before I’m outed, I’ll confess here: I’m a size 12. // Fact: sensitive information is a lot more sensitive than shoe size. That said, great sense of humor!
From @Tontiella: Zappos why are your accounts being hacked into?? Who is not doing their job to prevent this? // Fact: Strong security measures are fabled to be more expensive than responding to data breaches. Time will tell how this affects Zappos in the long term, but let’s just say that resetting passwords doesn’t instill a sense of trust. (And, for the record, strong mutual authentication is well worth the investment)