Play.com, one of the largest online retailers of DVDs, CDs, MP3s, books and gadgets, emailed its customers yesterday admitting to a security breach in its marketing communications. Names and emails may have been compromised.
Play.com claims the breach happened outside its walls, so presumably they use a third party marketing consultancy to manage part or all of its marketing activities.
Here is one of the messages that was sent out to customers by Play.com:
Email Security Message
We are emailing all our customers to let you know that a company that handles part of our marketing communications has had a security breach. Unfortunately this has meant that some customer names and email addresses may have been compromised.
We take privacy and security very seriously and ensure all sensitive customer data is protected. Please be assured this issue has occurred outside of Play.com and no other personal customer information has been involved.
Please be assured we have taken every step to ensure this doesn’t happen again and accept our apologies for any inconvenience this may have caused some of you.
Please do be vigilant with your email and personal information when using the internet. At Play.com we will never ask you for information such as passwords, bank account details or credit card numbers. If you receive anything suspicious in your email, please do not click on any links and forward the email on to firstname.lastname@example.org for us to investigate.
Thank you for continuing to shop at Play.com and we look forward to serving you in the future.
Play.com Customer Service Team
This is not the first time that Play.com suffered from this kind of incident. Back in November 2009, the BBC and others reported a similar ordering fiasco at the online retailer.
The Register reported at the time that one of its readers had received as many as 24 order confirmation emails destined for other customers. The confirmation email listed what items were ordered, email address, delivery address and payment method, but no other financial details.
While Play.com say that no credit card information has been stolen, but it is wise to keep your eye on your credit card transactions to ensure there is nothing amiss.
Advice for Play.com users:
* To be on the safe side, you should consider changing your Play.com password and the associated email account password.
* Be sure to always use different passwords for your different online accounts. If one gets compromised, you can rest assured that the bad guys might go searching other popular online spots to see if they can break into your account with the same password.
* If you receive any emails from Play.com that you were not expecting, do not open it - simply delete it.
* Companies need to make sure that any third parties they do business with have adequate security policies in place.