Feeds

Play.com: Only customer emails lost in data breach

Mailshotter Silverpop blamed for malwarey kerfuffle

High performance access to file storage

Online retailer Play.com has named its marketing partner Silverpop as the guilty party behind the disclosure of customer names and email addresses.

The breach led to distribution of spam to email addresses only registered with the online retailer on Sunday, a development that led to howls of protest from users.

These emails offered supposed software updates from Adobe but actually linked to sites serving up malware.

The offer of the latest version of Adobe Reader X out of the blue and via email is unlikely to have taken in many, since the ruse was neither timely, subtle nor salacious.

Play.com, which issued an apology to users via email on Tuesday morning, has since come forward with an official statement from chief exec John Perkins (below) that seeks to downplay the significance of the admitted breach. In particular the online retailer stresses that the snafu only affected email details, and not credit card details or other sensitive information.  

On Sunday 20 March some customers reported receiving a spam email to email addresses they only use for Play.com.

We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps. We believe this issue may be related to some irregular activity that was identified in December 2010 at our email [marketing] service provider Silverpop.

Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our email [marketing] service provider was email addresses. Play.com has taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again.

We would also like to reassure our customers that all other personal information (i.e. credit cards, addresses, passwords, etc.) are kept in the very secure Play.com environment. Play.com has one of the most stringent internal standards of e-commerce security in the industry. This is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained.

On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue.

Play.com is one of the UK's largest online retailers of DVDs, CDs, books and consumer electronics gadgets. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.