Online shoe and clothing retailer Zappos, which is owned by Amazon.com, began emailing its 24 million customers Sunday, advising them that its site had been hacked, and some customers' personal details and account information likely stolen. But Zappos said that no credit or debit card information had been accessed by attackers.

The stolen data may have included each customer's name, email address, billing and shipping address, the last four digits of their credit card number, and a "cryptographically scrambled" version of their website password. Such encryption, however, might not prevent attackers from eventually recovering passwords.

Accordingly, Zappos has expired all customers' passwords, and directed customers to reset their passwords via a dedicated password-reset page.

Despite Zappos' data breach notification to consumers, the company hasn't yet answered several key questions, such as detailing when the data breach occurred, the length of time for which attackers may have had access to its systems, or how the breach was finally detected. Zappos also hasn't indicated whether it will offer identity theft monitoring services to affected customers.