After Zappos hack, how to protect yourself online

Another week, another computer security breach. Hackers broke into a Zappos server in Kentucky Sunday night, giving them access to personal records of 24 million Zappos customers -- which means if you've ever used the site, you're probably a victim too.

Actually, if you've ever been online, the chances are pretty good that some malevolent person has captured personal information about you and tried to break into your personal computer or credit card account.

Although the criminals were after more than your shoe size, they apparently did not get full credit card numbers, but an investigation is underway. More disturbing, Zappos is owned by Amazon, which demonstrates that even the biggest online players are vulnerable to attack.

So what can you do to protect yourself? Here are some important reminders:

Use a Tough Password: Yes, we're always being reminded not to use the name of our pet snake or favorite fast food as a password, but who can remember 50 different passwords for all those Web sites that require registration? The best advice is to rotate through a series of passwords, changing them on a regular basis. But most important of all is to create one really difficult password and use it only for your e-mail account.

More On This...

The reason is that many sites check password changes or send account access confirmations to e-mail accounts. If a hacker has access to your e-mail, he'll basically have access to everything from your bank account to your Amazon shopping cart. To make your e-mail password tough to crack use a mix of letters and numbers that's at least 8 characters long. And, no, combining Fluffy's name with your birthday does not count.

Get a Credit Report: You're entitled to get at least one free credit report a year, which will tell you if someone has opened a spurious credit card or loan in your name. You can also get a free report in many states if you've recently been turned down for a job (and who hasn't been rejected in this economy?). These reports are absolutely free, so don't fall for that ad campaign that offers "free" reports but actually makes you pay. Just contact one of the three reporting companies--Equifax, Experian, or TransUnion -- yourself and get a truly free report. Better yet, put an annual reminder in your calendar so you don't forget next year.

Update Your Software: Several recent online security studies report that over 90 percent of successful malware and hacking attacks are the result of consumers using old software. You don't have to buy new software to stem the threat. All you have to do is install the free updates. The reason is that most of these updates include security patches for known holes that hackers use to access systems. Patching all your programs can be about as much fun as white-knuckling it through a snow storm. Fortunately, hackers mainly target four popular programs, which you should update regularly: Java, Adobe Acrobat, Adobe Flash, and Microsoft's Internet Explorer.

Get An Anti-virus Shot: It's true that if you're really careful, never use a social networking site, and never open a video or e-mail online, you can avoid viruses. The rest of us should use some sort of anti-virus software. There are free programs from reputable firms such as Avast and Bitdefender. Use one of their offerings.

Don't Click That E-mail: Zappos is sending every one of its affected customers a warning e-mail. However, more often than not such "official" e-mails are from hackers (for example, "We've had a security problem. Please change your password."). These fraudulent e-mails can be virtually indistinguishable from legitimate missives, including identical graphics, logos, and authentic looking return e-mail addresses. I recommend never clicking on links in such e-mails. Instead, open a separate browser window and go directly to, say, your bank's official site. If there's a important notice, you'll find it there.

Follow John R. Quain on Twitter @jqontech or find more tech coverage at