Play.com: Only customer emails lost in data breach
Mailshotter Silverpop blamed for malwarey kerfuffle
Online retailer Play.com has named its marketing partner Silverpop as the guilty party behind the disclosure of customer names and email addresses.
The breach led to distribution of spam to email addresses only registered with the online retailer on Sunday, a development that led to howls of protest from users.
These emails offered supposed software updates from Adobe but actually linked to sites serving up malware.
The offer of the latest version of Adobe Reader X out of the blue and via email is unlikely to have taken in many, since the ruse was neither timely, subtle nor salacious.
Play.com, which issued an apology to users via email on Tuesday morning, has since come forward with an official statement from chief exec John Perkins (below) that seeks to downplay the significance of the admitted breach. In particular the online retailer stresses that the snafu only affected email details, and not credit card details or other sensitive information.
On Sunday 20 March some customers reported receiving a spam email to email addresses they only use for Play.com.
We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps. We believe this issue may be related to some irregular activity that was identified in December 2010 at our email [marketing] service provider Silverpop.
Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our email [marketing] service provider was email addresses. Play.com has taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again.
We would also like to reassure our customers that all other personal information (i.e. credit cards, addresses, passwords, etc.) are kept in the very secure Play.com environment. Play.com has one of the most stringent internal standards of e-commerce security in the industry. This is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained.
On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue.
Play.com is one of the UK's largest online retailers of DVDs, CDs, books and consumer electronics gadgets. ®
Sponsored: 2016 Cyberthreat defense report