According to an e-mail from Zappos chief executive Tony Hsieh, attackers gained access to parts of the company's internal network and systems through a server in Kentucky.
Hsieh said the attackers may have swiped customer account information on Zappos.com, including names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers and/or cryptographically scrambled password (but not the actual password).
Zappos made it clear that the database that stores critical credit card and other payment data was NOT affected or accessed.
Amazon.com, which owns Zappos, was not affected by this breach.
More details can be found in Hsieh's email.