Online retailer Play.com admits data breachby
Online retailer Play.com’s customers have been hit with spam following a security breach at its email service provider, which exposed their names and email addresses.
In a bid to play down the situation and reassure consumers, the firm’s chief executive John Perkins issued a statement saying that it had"acted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps".
He indicated that the incident could be related to "irregular activity" that was spotted at its email service provider Silverpop in December last year. This had led to an investigation that, worryingly, "showed no evidence that any of our customer email addresses had been downloaded".
The spamming did not start until Sunday 20 March, however, and comprised messages that appeared to offer the latest version of Adobe Reader X, while actually linking to web sites serving up malware.
Perkins said: "We would like to assure all our customers that the only information communicated to our email service provider was email addresses. Play.com has taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again."
Other personal information such as credit card details and passwords was stored in Play.com’s "very secure" systems and the firm had "one of the most stringent internal standards of e-commerce security in the industry", he added.
But Mark Harris, vice president of security software and information provider SophosLabs, said: "While it is good thing that Play.com issued a statement to let customers know about the security breach, it does not offer any information about what people should do if they notice any unusual activity on their Play.com account."
Moreover, the full extent of the information that had been leaked was unclear. "Any security breach involving the loss of customer information is extremely serious – even though Play.com has stated that the breach occurred with a third party, they are ultimately responsible for the security of their customers’ data," Harris added.