Feeds

Play.com: Only customer emails lost in data breach

Mailshotter Silverpop blamed for malwarey kerfuffle

Beginner's guide to SSL certificates

Online retailer Play.com has named its marketing partner Silverpop as the guilty party behind the disclosure of customer names and email addresses.

The breach led to distribution of spam to email addresses only registered with the online retailer on Sunday, a development that led to howls of protest from users.

These emails offered supposed software updates from Adobe but actually linked to sites serving up malware.

The offer of the latest version of Adobe Reader X out of the blue and via email is unlikely to have taken in many, since the ruse was neither timely, subtle nor salacious.

Play.com, which issued an apology to users via email on Tuesday morning, has since come forward with an official statement from chief exec John Perkins (below) that seeks to downplay the significance of the admitted breach. In particular the online retailer stresses that the snafu only affected email details, and not credit card details or other sensitive information.  

On Sunday 20 March some customers reported receiving a spam email to email addresses they only use for Play.com.

We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps. We believe this issue may be related to some irregular activity that was identified in December 2010 at our email [marketing] service provider Silverpop.

Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our email [marketing] service provider was email addresses. Play.com has taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again.

We would also like to reassure our customers that all other personal information (i.e. credit cards, addresses, passwords, etc.) are kept in the very secure Play.com environment. Play.com has one of the most stringent internal standards of e-commerce security in the industry. This is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained.

On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue.

Play.com is one of the UK's largest online retailers of DVDs, CDs, books and consumer electronics gadgets. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.