by Ian Bush

PHILADELPHIA (CBS) — A popular online shoe store has fallen victim to a hacker attack. has sent out e-mails warning its 24 million customers that their personal information may be in the wrong hands.

Names, phone numbers, e-mail addresses, billing addresses, shipping addresses, even partial credit card numbers (the last four digits) — that’s what Zappos acknowledges was accessed.

“It’s likely most of this will never be used, but some of it might be used with criminal activity,” Bruce Schneier, an author and Internet security expert, tells KYW Newsradio.

“The idea might be to get credit cards in their name, to try to get credit in their name,” he says.  “These things do happen, though they’re not that common.”

Schneier says it’s a great haul “if it’s a bunch of kids looking to embarrass Zappos.”   But if the attackers are criminals bent on identity theft, he says, “it’s going to depend on exactly what was stolen, and exactly what they want to do with it.  You’ll see this data for sale sometimes on black market sites.”

Schneier says to follow Zappos’ suggestion to create a new password and change your login on other sites that share the same details.   It’s part of the acceptable risk, he says, of doing business online.

Top Content On CBSPhilly