Zappos recently announced that they had been the victim of a cyber attack and that their 24+ million customers would be contacted about the incident. The database accessed did not include credit card or payment data and Zappos has already performed a reset on customer passwords. The breached information included name, e-mail address, billing and shipping addresses, phone number, the last four digits of a credit card number and/or the cryptographically scrambled password (not actual password).
As we know from earlier articles, passwords, while not a "primary" source of information, can still be quite lucrative for cyber criminals. Given that many people re-use passwords across websites, a stolen password could potentially grant access to banking information or other personally identifiable material used for fraud or identity theft. While Zappos has taken the precaution to encrypt their passwords, encrypted passwords are still sought after by cyber criminals in the hopes that encryption can be broken.
As outlined on Forbes, identity theft is still a threat from this breach and consumers should take precautions to protect their information. From a corporate perspective, a consumer breach this large could compromise business passwords, so it may be a great time to encourage a password reset with renewed training on the importance of password security.