Spam from "GSN" to e-mail address registered on Play.com

Comments

  • I also had the email sent to me and I have a separate email address only used for Play.com. Only good thing is that my credit card has expired on their system :)
  • Got the same email to playcom@[mydomain]. Play.com were totally unconcerned about it. Here's their reply to me:

    "
    Thank you for your email.

    Please be advised that our database is maintained on a secure internal server that is not connected to the internet. No unauthorised access of any kind is available to the network.

    In addition to this our website is a BT Trust Services Secure Site. All information sent to this site while in an SSL session is encrypted, protecting against disclosure to third parties. Please be aware the Verisign Secure Sign is an independent recognition of our security, and Play.com offers a totally secure shopping environment.

    If you have any further queries please consult the FAQ section of our Help pages. Alternatively you can contact our Customer Support Team on 0845 800 1020 (UK only) or +44 (0)1534 877 595 (outside UK). Our opening hours are 9am - 8pm Monday to Friday and 9am - 5pm Saturday and Sunday.

    We hope you find this information reassuring and useful.

    Kind Regards,

    Customer Support Team
    Play.com"

    I'm not impressed, to say the least, particularly as it now seems I'm not the first to let them know. We need to keep this thread updated, if we want Play.com to take this seriously.

    I received exactly the same reply from play.com (re: the GSNnews e-mail), and I too am not impressed.

    Let's hope that they are now starting to take things seriously!

    mb
  • halfer
    halfer Posts: 38 Forumite
    garb wrote: »
    if it's not connected to the internet how do they authorise a log in from the website? Squirrels running back and forth with post-it notes?
    This is possible to achieve - some companies don't permit any connections to their db server from the internet, and then only database connections, not login connections, from their local network (including the web server). This does make things more secure.

    That all said, I was already 95% convinced that they've had a data leak when my email address was compromised. Now that a good number of people have stepped forward with the same issue, I am 100% certain. Their automated response is someone without full possession of the facts, and he/she will initially bat complaints away assuming that they're from people who shouldn't be allowed to own a computer in the first place.

    However, once they look into it they won't be able to hold that line for very long. Let's hope they look into it properly tomorrow.
  • Dagobert
    Dagobert Posts: 1,625 Forumite
    I too received the spam email from GSN to an email address which I created specifically for my account at Play.com.

    When I sent a complaint to privacy@play.com I received exactly the same boilerplate response that Internet Pawn received.

    I think there are three ways my email address could have been compromised:
    1. Lax security at play.com
    2. An employee at Play covertly sold my address (a variation of 1.)
    3. Play Holdings Ltd. knowingly sold my email address.

    If it is (3), then that contravenes their own Privacy Policy, I quote
    We will not sell, distribute or disclose information about you or your personal usage of the Site without your express consent or unless required or permitted to do so by law. **

    I have sent a further email to the privacy email address which I have CC'ed to the Play CEO John Perkins.

    I will not do business with a company who cannot take care of my details.


    ** hxxp://www.play.com/Help.html?page=priv
    Change "hxxp" to "http" for link to work.
    Dagobert
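
Several posters above used an address created only for Play.com. The sketch below is an added example, not part of the thread, showing how such per-vendor aliases can be checked against an inbox to see which vendor's alias is receiving mail from other senders. The `example.org` catch-all domain, the alias table, the sender domains and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: every vendor was given its own alias on a catch-all domain.
# example.org, the alias names and all sample mail below are constructed.
ALIASES = {
    "playcom@example.org": "play.com",
    "bookshop@example.org": "bookshop.example",
}

SAMPLE_MAIL = [
    "From: GSN News <news@gsn-news.example>\nDelivered-To: playcom@example.org\n"
    "Subject: Special offer\n\nconstructed spam body\n",
    "From: Play.com <orders@mail.play.com>\nDelivered-To: playcom@example.org\n"
    "Subject: Your order\n\nconstructed order mail\n",
    "From: Bookshop <news@bookshop.example>\nTo: bookshop@example.org\n"
    "Subject: Newsletter\n\nconstructed newsletter\n",
]

def recipient(msg):
    # Prefer headers written by the receiving server; To: is sender-controlled.
    for header in ("Delivered-To", "X-Original-To", "To"):
        addr = parseaddr(msg.get(header, ""))[1].lower()
        if addr:
            return addr
    return ""

def sender_domain(msg):
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def same_org(domain, vendor):
    return domain == vendor or domain.endswith("." + vendor)

def leaked_aliases(raw_messages):
    """Map vendor -> sorted foreign sender domains that reached its alias."""
    hits = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        vendor = ALIASES.get(recipient(msg))
        if vendor and not same_org(sender_domain(msg), vendor):
            hits.setdefault(vendor, set()).add(sender_domain(msg))
    return {vendor: sorted(domains) for vendor, domains in hits.items()}

if __name__ == "__main__":
    print(leaked_aliases(SAMPLE_MAIL))
```

A guessable alias such as `playcom@` on a catch-all domain can also be hit by dictionary spam, so an alias containing a random token gives stronger evidence that the address came from the vendor's records.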
  • Pound
    Pound Posts: 2,784 Forumite
    shadowcode wrote: »
    What *may* have happened is that play.com's database has been hacked and has been sold illegally. I'm also afraid that the passwords were stored in plaintext, or very poorly encrypted.

    It's common for websites to hash the passwords, but not all websites do this. Even when it's hashed there are programs out there that will try and crack the hashes and will find any weak passwords.
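
The difference between hashed and poorly hashed storage mentioned in the post above can be seen from the defender's side. This is an added example, not part of the thread and not a description of how Play.com stored anything: it compares an unsalted fast hash with a salted scrypt record, using constructed accounts and an assumed scrypt work factor.

```python
import hashlib
import hmac
import os

SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # assumed work factor, tune per host

# Constructed accounts: two users share one weak password.
USERS = {"alice": "password1", "bob": "password1", "carol": "Vq7#tmL2!xkR9w"}

def unsalted_sha256(password):
    """Weak storage: one fast hash, no salt, same input gives same digest."""
    return hashlib.sha256(password.encode()).hexdigest()

def scrypt_record(password, salt=None):
    """Stronger storage: per-user random salt plus a memory-hard KDF."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)

def verify(password, record):
    salt, stored = record
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, stored)

def users_matching(table, digest):
    """Audit helper: which rows does a single known digest match?"""
    return sorted(user for user, value in table.items() if value == digest)

def build_tables(users):
    weak = {u: unsalted_sha256(p) for u, p in users.items()}
    strong = {u: scrypt_record(p) for u, p in users.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables(USERS)
    # One digest of one common password matches every user who chose it.
    print(users_matching(weak, unsalted_sha256("password1")))
    # With salts the stored values differ, so each guess costs one scrypt run per user.
    print(strong["alice"][1] != strong["bob"][1], verify("password1", strong["bob"]))
```

Salting and a slow KDF raise the cost of every guess, but a password as common as `password1` is still found early in any guessing order, which is the limit the post describes.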
  • Pound
    Pound Posts: 2,784 Forumite
    garb wrote: »
    if it's not connected to the internet how do they authorise a log in from the website? Squirrels running back and forth with post-it notes?

    I guess it means there's no direct connection to the Internet and it only accepts connections from their web servers which offers some but not complete security. A weakness in the web server could allow access to the database.
  • capate
    capate Posts: 15 Forumite
    Here's their reply to me:

    "
    Thank you for your email.

    Please be advised that our database is maintained on a secure internal server that is not connected to the internet. No unauthorised access of any kind is available to the network.

    In addition to this our website is a BT Trust Services Secure Site. All information sent to this site while in an SSL session is encrypted, protecting against disclosure to third parties. Please be aware the Verisign Secure Sign is an independent recognition of our security, and Play.com offers a totally secure shopping environment.

    If you have any further queries please consult the FAQ section of our Help pages. Alternatively you can contact our Customer Support Team on 0845 800 1020 (UK only) or +44 (0)1534 877 595 (outside UK). Our opening hours are 9am - 8pm Monday to Friday and 9am - 5pm Saturday and Sunday.

    We hope you find this information reassuring and useful.

    Kind Regards,

    Customer Support Team
    Play.com"

    One of the problems I have with customer service departments nowadays is that their main function no longer appears to be helping the customer but to mitigate the company's position.

    Reading the email they have sent you, it doesn’t actually say that they haven’t been compromised/ hacked.

    It reads more like their standard boilerplate covering or queries raised about online security.
  • I got their stock (and anonymous!) answer too. Worse, when I replied, it bounced as the info@play.com is an unattended email account. Shambles.
  • Bah..

    You guys did better than me!

    I copied the text from GuiltyCol's post, went to play.com and found their "report a website fault" area.

    Pasted in the text there and submitted it.

    A few hours later I got this as their reply:
    Dear *my name*,

    Thank you for your email.

    We are sorry to hear you are receiving unwanted emails. We have made a request to remove you from all play.com mailing lists this may take up to 10 days before it can come into effect.

    Once again, please accept our apologies for any inconvenience caused to you in this matter and thank you for your patience and valued custom.

    Kind Regards,

    Customer Care Team

    Play.com
    Fools...
  • spiffer
    spiffer Posts: 2 Newbie
    edited 20 March 2011 at 11:11PM
    There's another possibility I don't think anyone's mentioned yet, and there's a clue on play.com's site:
    Sharing data

    We have business and technical partners whom we share data with to handle orders, process credit and debit card payments and provide a range of services, including for fraud protection purposes. They are bound by Data Protection covenants and must process the personal information in accordance with this Privacy Policy and the Data Protection Laws of Luxembourg.

    In case any fraudulent activity is detected on the website, or, without limitation, in connection with the breach of intellectual property rights through the use of the website, we may release personal information in order to comply with any applicable regulation or assert our rights as well as our business partners’.

    So a breach at a third party is a possibility. The good news is it would be unlikely to include more sensitive data like passwords or credit card details. Not that this would absolve play.com of responsibility of course.

    Also, the network attack vectors (e.g. compromised web server) already mentioned aren't that likely. A dump of the data handed to someone in the marketing department and then sold on or lost on a USB drive is much more likely (and I know from experience as a db admin that it does happen, even if you try to say "no"). So all this stuff about network security actually doesn't mean much.
This discussion has been closed.