So if you've ever bought anything from the e-tailer, you need to take action now.
Zappos says a hacker gained access to its internal network through one of the company's servers in Kentucky.
Here's what may have been stolen: Names, phone numbers, email addresses, billing and shipping addresses, the last four digits from credit cards and more.
What you need to do is change your Zappos password as soon as you can. You may have to be patient, though.The Zappos website and systems were very slow on Monday and it may even take you a couple tries to get your password changed.
Calling Zappos.com with questions may also be difficult. On Monday, the company was not answering phones.
Also, make sure to check your credit report regularly for any suspicious or fraudulent activity.
Thanks to federal law you can get your report for free from each of the three credit reporting bureaus once a year, which means if you spread it out, you can check your report at no cost every four months.
The government-authorized website is www.annualcreditreport.com. There is no purchase required to get your free reports.
But watch out for sites like freecreditreport.com which can eventually cost you. You can also call for your free report. 1-877-322-8228.
Be aware when you order, you will have to give your name, address, Social Security number, and birth date.
You may also have to provide some info only you would know like the amount of your monthly mortgage payment. That's to verify your identity.
You might also consider having a free fraud alert put on your credit reporting file.
From Federal Trade Commission:
You have the right to ask that nationwide consumer credit reporting companies place "fraud alerts" in your file to let potential creditors and others know that you may be a victim of identity theft. A fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you. It also may delay your ability to obtain credit. You may place a fraud alert in your file by calling just one of the three nationwide consumer credit reporting companies. As soon as that agency processes your fraud alert, it will notify the other two, which then also must place fraud alerts in your file.