Feeds

Play.com: Only customer emails lost in data breach

Mailshotter Silverpop blamed for malwarey kerfuffle

The Power of One eBook: Top reasons to choose HP BladeSystem

Online retailer Play.com has named its marketing partner Silverpop as the guilty party behind the disclosure of customer names and email addresses.

The breach led to distribution of spam to email addresses only registered with the online retailer on Sunday, a development that led to howls of protest from users.

These emails offered supposed software updates from Adobe but actually linked to sites serving up malware.

The offer of the latest version of Adobe Reader X out of the blue and via email is unlikely to have taken in many, since the ruse was neither timely, subtle nor salacious.

Play.com, which issued an apology to users via email on Tuesday morning, has since come forward with an official statement from chief exec John Perkins (below) that seeks to downplay the significance of the admitted breach. In particular the online retailer stresses that the snafu only affected email details, and not credit card details or other sensitive information.  

On Sunday 20 March some customers reported receiving a spam email to email addresses they only use for Play.com.

We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps. We believe this issue may be related to some irregular activity that was identified in December 2010 at our email [marketing] service provider Silverpop.

Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our email [marketing] service provider was email addresses. Play.com has taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again.

We would also like to reassure our customers that all other personal information (i.e. credit cards, addresses, passwords, etc.) are kept in the very secure Play.com environment. Play.com has one of the most stringent internal standards of e-commerce security in the industry. This is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained.

On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue.

Play.com is one of the UK's largest online retailers of DVDs, CDs, books and consumer electronics gadgets. ®

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.