If you change your password, do not use a link from within the email if there was any.

It's so irritating. I have 2 that I switch between and I don't remember which one it is for Zappos. I think I'm just gonna change my email address everywhere.

For those who have not received the email, be sure to check your spam folder. I found the Zappos email in mine this afternoon. I changed my password there and on 4-5 other sites where I used the same password.

I have not gotten a zappos email yet although have bought stuff from them recently. But I did get fraudulent charges (from microsoft Xbox) on my card last week. Not sure if it is related or not.

Definitely change all of your passwords. My credit card was used fraudulently last week at Zappos. I don't know if it is a coincidence or not but I will not be ordering anything from them again. I would also place a fraud alert on your credit report.

If I didn't get an email does that mean I'm safe? I changed my email and facebook passwords to be safe and my bank ones are already totally different. I don't want to try to think of everything and remember all new passwords.

I got one from zappos. I probably used the same password at hundreds of shopping and credit card sites.

OP I got it too, and was wondering the same thing. Ugh.

I got one for 6pm.com.

I bought something there over 2 years ago and my credit card info was stolen-- the CC company caught it early, luckily. So I was pretty surprised that I was getting this just now-- I was like, DUH, I told you your site got hacked 2 years ago, people!

I got it a couple of days ago, too, plus one for 6pm.com.

OP here. I got it a couple of days ago, so maybe they have pinpointed which customers were hit.

Has it been sent yet? I have not gotten it either.

Was zappos able to pinpoint which subset of customers' data was compromized? I ask because I am a zappos customer who did not get the email. I guess I could just change my passwords out of an abundance of caution, but that would be really annoying if it isn't necessary.

Yes, you do. Here is why:

These guys have your email address and hashed password. If they crack that password, which they very will might, they will sell it to people who go and try that same email address/password combination on Facebook, email providers, banks, internet shopping sites, and more. They do this because so many people use the same combo over and over. Sometimes the hackers publish the list on the Internet to hacker sites for free, which means that any mischief-loving kid who can run a script will try to see what they can get.

Did anyone else get that e-mail from Zappos about a website breach? They reset my password, and recommend I change my password on all sites where I use the same or similar password. Is that CYA on their part, or do I really have to change all my passowords?