Spam from "GSN" to e-mail address registered on Play.com

Comments

  • Kilty_2
    Kilty_2 Posts: 5,818 Forumite
    Got this too to enquiries@mydomain - also a play.com customer account.
  • halfer
    halfer Posts: 38 Forumite
    @VariousArtists - I thought of using a fake credit card number, but one has to be careful with that sort of thing. It may be picked up by an automated system, and may look like you are intending to purchase goods on a fake number.

    Perhaps if you do it, email them to say you're doing it (and why), so they cannot later complain.
  • lizards
    lizards Posts: 244 Forumite
    I caught BT out in the same way too years ago! Glad it's not just me. Other culprits over the years are Ticketline, ThisIsLondon, Frontier Canada, Bunches by Post and Days Out Guide (the 2 for 1 attraction tickets if you travel by rail scheme) :mad:

    Definitely not a dictionary attack or I'd see stuff more often. Occasionally I do get things like this to a username I've never used, but it's not a company name ever - just random letters. This was clearly associated with Play - "play@" and "play247@".

    I'm not so sure there is a reduction in security as "bad people" would also have to know my domain name too. Most people use exactly the same email address for every company so that's less secure than a different one for each company even if part of it is based on the company name! So what I am saying is that if they were in a position to know my domain name, they'd also know my full hotmail etc address if I had one too.

    Not great PR for Play - never had a problem with them as a company, they've always been fine with me, so I'm a bit saddened by this.
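
The post above separates mail sent to an address that was only ever given to one company from mail sent to random, never-issued usernames. An added example (not part of the original thread) of that attribution logic in Python; the domain `mydomain.example`, the alias registry, the sender domains and the sample messages are all constructed, and the sender domain is assumed to be the authenticated one rather than the forgeable From header.

```python
from __future__ import annotations

MY_DOMAIN = "mydomain.example"  # placeholder catch-all domain (assumption)

# Constructed registry: each alias was given to exactly one company, together
# with the domains that company legitimately sends from.
ISSUED = {
    "play": ("Play.com", {"play.com"}),
    "play247": ("Play.com", {"play.com"}),
    "bt": ("BT", {"bt.com"}),
}

# Constructed inbound mail: (recipient, authenticated sender domain).
SAMPLE = [
    ("play@mydomain.example", "play.com"),
    ("play247@mydomain.example", "gsn-mail.example"),
    ("play@mydomain.example", "gsn-mail.example"),
    ("xkqzt@mydomain.example", "bulk.example"),
    ("bt@mydomain.example", "email.bt.com"),
]


def classify(recipient: str, sender_domain: str) -> tuple[str, str | None]:
    """Return (verdict, company) for one message."""
    local, _, domain = recipient.lower().rpartition("@")
    if domain != MY_DOMAIN:
        return ("not-ours", None)
    if local not in ISSUED:
        # Never handed out: a guessed address, so it implicates no company.
        return ("guessed-address", None)
    company, allowed = ISSUED[local]
    sender_domain = sender_domain.lower()
    if any(sender_domain == d or sender_domain.endswith("." + d) for d in allowed):
        return ("expected", company)
    # A third party knows an address only this company was ever given.
    return ("alias-leaked", company)


def leak_report(messages) -> dict[str, list[str]]:
    """Map each implicated company to the aliases that got third-party mail."""
    hits: dict[str, set[str]] = {}
    for recipient, sender_domain in messages:
        verdict, company = classify(recipient, sender_domain)
        if verdict == "alias-leaked":
            hits.setdefault(company, set()).add(recipient.split("@")[0].lower())
    return {c: sorted(a) for c, a in hits.items()}


if __name__ == "__main__":
    print(leak_report(SAMPLE))
```
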
  • halfer
    halfer Posts: 38 Forumite
    lizards wrote:
    "Not great PR for Play - never had a problem with them as a company, they've always been fine with me, so I'm a bit saddened by this."

    Yeah, I agree. I switched to Play from Amazon recently, just at the same time as my demand for music is expanding greatly (I am now a last.fm convert :D). But I'll have to find another supplier if they can't even look after their customer data properly.
  • halfer
    halfer Posts: 38 Forumite
    Btw, a whois on the sender IP of the spam reveals - tah dah! - a marketing company, exacttarget.com. However a browse of their website suggests they're a legit outfit, so I wonder if their services may have been abused on a "try before you buy" temporary sign-up.
  • Hello all,
    it seems like there is more going on.

    What *may* have happened is that play.com's database has been hacked and has been sold illegally. I'm also afraid that the passwords were stored in plaintext, or very poorly encrypted.

    The reason for this is that it seems that Gold Farmers have also gotten their hands on the account info, as this morning my Battle.net account was compromised and my World of Warcraft account was taken over and used for spam. Since I haven't played/logged in for 5 years and my credentials for play.com and World of Warcraft happen to be the same, this is a little bit too coincidental for my taste. I think they are related.

    If it's true that play.com has been hacked and that they have been stupid enough to store the username/password combination in plaintext, then it is truly grave news.

    (note: I tried linking some of the keywords above to Wikipedia, just in case someone is not familiar with the wonderful world of computer games, unfortunately the forum does not allow me to use links)
  • halfer
    halfer Posts: 38 Forumite
    Hmm, I think I will request a new card from my bank tomorrow - my registered play.com card was a debit card, not a credit card. Still, no evidence that credit card details have leaked - just emails at the mo, as far as I know.
  • halfer
    halfer Posts: 38 Forumite
    Aha, over here too:

    http:// rockpapershotgun.com/rpsforum/topic.php?id=4282

    (Remove space to get the URL working again - can't post links here, boooh!)
  • Got the same email to playcom@[mydomain]. Play.com were totally unconcerned about it. Here's their reply to me:

    "
    Thank you for your email.

    Please be advised that our database is maintained on a secure internal server that is not connected to the internet. No unauthorised access of any kind is available to the network.

    In addition to this our website is a BT Trust Services Secure Site. All information sent to this site while in an SSL session is encrypted, protecting against disclosure to third parties. Please be aware the Verisign Secure Sign is an independent recognition of our security, and Play.com offers a totally secure shopping environment.

    If you have any further queries please consult the FAQ section of our Help pages. Alternatively you can contact our Customer Support Team on 0845 800 1020 (UK only) or +44 (0)1534 877 595 (outside UK). Our opening hours are 9am - 8pm Monday to Friday and 9am - 5pm Saturday and Sunday.

    We hope you find this information reassuring and useful.

    Kind Regards,

    Customer Support Team
    Play.com"

    I'm not impressed, to say the least, particularly as it now seems I'm not the first to let them know. We need to keep this thread updated, if we want Play.com to take this seriously.
  • "Please be advised that our database is maintained on a secure internal server that is not connected to the internet. No unauthorised access of any kind is available to the network."

    If it's not connected to the internet how do they authorise a log in from the website? Squirrels running back and forth with post-it notes?

    If the server is secure from the outside.. then they may have been attacked from the inside. Guess we'll find out tomorrow!
This discussion has been closed.