Security breach at play.com

Posted by: TomK on 21 March 2011

Just received this from Play.com.

"Dear Customer,

Email Security Message

We are emailing all our customers to let you know that a company that handles part of our marketing communications has had a security breach. Unfortunately this has meant that some customer names and email addresses may have been compromised.

We take privacy and security very seriously and ensure all sensitive customer data is protected. Please be assured this issue has occurred outside of Play.com and no other personal customer information has been involved.

Please be assured we have taken every step to ensure this doesn’t happen again and accept our apologies for any inconvenience this may have caused some of you.

Customer Advice

Please do be vigilant with your email and personal information when using the internet. At Play.com we will never ask you for information such as passwords, bank account details or credit card numbers. If you receive anything suspicious in your email, please do not click on any links and forward the email on to privacy@play.com for us to investigate."

I guess I'm not the only regular Play.com customer here so won't be the only person receiving this email but wanted to give a heads-up to fellow members. It's easy to get complacent when dealing with companies like Play and Amazon but nobody's immune from the hacking menace.

Posted on: 22 March 2011 by staffy

Thanks TomK......must check my emails now.

Posted on: 22 March 2011 by rodwsmith

I might buy much more stuff from play.com if they "never ask for credit card numbers"...

They have my e-mail address, but I have yet to receive the message you have, so maybe it wasn't everyone in their database. It has been a while since I bought anything from them.

Posted on: 22 March 2011 by BigH47

I received a follow up mail:-

Dear Customer,

As a follow up to the email we sent you last night, I would like to give you some further details. On Sunday the 20th of March some customers reported receiving a spam email to email addresses they only use for Play.com. We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps.

We believe this issue may be related to some irregular activity that was identified in December 2010 at our email service provider, Silverpop. Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our email service provider was email addresses. Play.com have taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again.

We would also like to reassure our customers that all other personal information (i.e. credit cards, addresses, passwords, etc.) are kept in the very secure Play.com environment. Play.com has one of the most stringent internal standards of e-commerce security in the industry. This is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained. On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue .

Best regards,

John

John Perkins
CEO
Play.com