Data loss at Play.com

Play.com suffers security breach
Play.com, one of the largest online retailers of DVDs, CDs, MP3s, books and gadgets, emailed its customers yesterday admitting to a security breach in its marketing communications. Names and emails may have been compromised.

Play.com claims the breach happened outside its walls, so presumably it uses a third-party marketing consultancy to manage part or all of its marketing activities.

Here is one of the messages that was sent out to customers by Play.com:

Dear Customer,

Email Security Message

We are emailing all our customers to let you know that a company that handles part of our marketing communications has had a security breach. Unfortunately this has meant that some customer names and email addresses may have been compromised.

We take privacy and security very seriously and ensure all sensitive customer data is protected. Please be assured this issue has occurred outside of Play.com and no other personal customer information has been involved.

Please be assured we have taken every step to ensure this doesn’t happen again and accept our apologies for any inconvenience this may have caused some of you.

Customer Advice

Please do be vigilant with your email and personal information when using the internet. At Play.com we will never ask you for information such as passwords, bank account details or credit card numbers. If you receive anything suspicious in your email, please do not click on any links and forward the email on to privacy@play.com for us to investigate.

Thank you for continuing to shop at Play.com and we look forward to serving you in the future.

Play.com Customer Service Team

This is not the first time that Play.com has suffered from this kind of incident. Back in November 2009, the BBC and others reported a similar ordering fiasco at the online retailer.

The Register reported at the time that one of its readers had received as many as 24 order confirmation emails destined for other customers. The confirmation email listed what items were ordered, email address, delivery address and payment method, but no other financial details.

While Play.com says that no credit card information has been stolen, it is wise to keep an eye on your credit card transactions to ensure there is nothing amiss.

Advice for Play.com users:

* To be on the safe side, you should consider changing your Play.com password and the associated email account password.
* Be sure to always use different passwords for your different online accounts. If one gets compromised, the bad guys might go searching other popular online spots to see if they can break into your accounts with the same password.
* If you receive any emails from Play.com that you were not expecting, do not open them - simply delete them.
* Companies need to make sure that any third parties they do business with have adequate security policies in place.

3 Responses to Data loss at Play.com

  1. T J · 1277 days ago

    I never received any e-mail from play.com about this, and I use them all the time. I also would never believe anything I read in the register as it's known for exaggerating things all out of proportion.

    I will however change my password for play as I prefer to be safer than sorry.

    • caroletheriault · 1277 days ago

      When these things happen, they tend not to affect all users, so you *might* not have been affected. I think changing your password is a good idea. I don't really like the fact that Play.com are trying to disassociate themselves from the breach. They brought in the third party to manage some of their marketing efforts. Your relationship is with Play.com. They have therefore entrusted your details with this third party, and they screwed up. Would be nice for Play.com to explain what actions they are taking to ensure this doesn't happen again.

  2. Rob · 1277 days ago

    Both myself and my wife received this email. GMail's SPF checking passed it as authentic. I'm inclined to trust it, therefore. Not that it actually tells us much.

About the author

Hi. I am a social, brand and communications expert with 10 years in senior roles in the tech space. I'm currently Sophos's Global Director of Social Media and Communities. Proudest work achievement? Creating and launching award-winning Naked Security. Outside work, I am a mean cook, an avid reader, a chronic insomniac, a podcast obsessive and blogger.