We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Spam from "GSN" to e-mail address registered on Play.com
Options
Comments
-
The following sentence is irrelevant, and may even be considered an obfuscation of Play.com's responsibilities:
Please be assured this issue has occurred outside of Play.com
Play remain the "data owner" as they supplied customer email addresses and gave the 3rd party the remit to contact customers on Play's behalf. Play are therefore ultimately responsible for the protection of this data, no shirking allowed!
That all said, a few more junk emails to my account that already gets dozens a day isn't the end of the world. I shall continue to do business with them where the deals are worthwhile.0 -
First time poster here, long time lurker.
I to have been getting the spam mails to from play.com, this wasn’t a massive concern for me.
What is a massive concern to me is that last Tuesday someone attempted perform a balance transfer onto my card (the one stored with play.com).
The fraudsters were on position of my name, address and email address...do we think this might be a coincidence?0 -
That does sound rather worrying - I think that we need absolute clarification from play.com that no customer credit/debit card details or addresses were involved in this 'security breach'.0
-
I'm not so sure, although can see why it may have been interpreted in that way. Removing the last part of the quoted sentence leaves out vital qualification and therefore leaves it open to mis-interpretation as you have done.lionheart79 wrote: »The following sentence is irrelevant, and may even be considered an obfuscation of Play.com's responsibilities:
Please be assured this issue has occurred outside of Play.com
Play remain the "data owner" as they supplied customer email addresses and gave the 3rd party the remit to contact customers on Play's behalf. Play are therefore ultimately responsible for the protection of this data, no shirking allowed!
The full sentence was "Please be assured this issue has occurred outside of Play.com and no other personal customer information has been involved."
I read this as being a clarification that no other personal information is (or could have been) involved because it was an outside agency that is not provided with this information.
Instead of this sentence, perhaps it would have been better conveyed as "Please be assured this issue does not involve other personal customer information as it occurred outside of Play.com. The company in question does not have access to customer details other than names and e-mail addresses."
The first part of the sentence should have been the most significant point; i.e. that other personal data isn't affected, whereas Play.com opted to say that it wasn't it that leaked the data as the primary point.0 -
0
-
In my view the email from Play.com is unacceptable and comes across as "not our fault, don't blame us". Not even any comment that they will report back after investigating.
It is totally their responsibility to allay any concerns.0 -
It's okay for a company to outsource marketing, though I expect details flow to a marketing company immediately as soon as you sign up, and then an opt-out is sent afterwards, which should suppress any further contact. Of course, what should happen is that upon that opt-out, the third party should *delete* the record, not mark it, but as well all know, deleting data is anathema to most marketing companies, even the legitimate ones.
But play.com's email is a bit, well, corporate, isn't it? A specific reassurance that credit card details are safe, and the name of the offending company, would be much better.0 -
It's okay for a company to outsource marketing, though I expect details flow to a marketing company immediately as soon as you sign up, and then an opt-out is sent afterwards, which should suppress any further contact. Of course, what should happen is that upon that opt-out, the third party should *delete* the record, not mark it, but as well all know, deleting data is anathema to most marketing companies, even the legitimate ones.
But play.com's email is a bit, well, corporate, isn't it? A specific reassurance that credit card details are safe, and the name of the offending company, would be much better.
Agreed. However, it is only ok to transfer data when there are "appropriate security restrictions" in place to protect that data. We don't even know where the third party is located!0 -
From the play.com statement, it looks like only names and email addresses leaked, not billing/postal addresses. The latter would be a bit more worrying, as it would go some way to enabling identity fraud.Preacherbot wrote: »The fraudsters were on position of my name, address and email address...do we think this might be a coincidence?0 -
From The Independant
http://blogs.independent.co.uk/2011/03/22/play-com-accounts-compromised-by-security-breach/#Play.com accounts compromised by security breach
By Kevin Rawlinson
Online games store Play.com has admitted that customer names and email addresses were leaked as a result of a security breach after users complained of receiving spam emails to addresses they use only to monitor their accounts on the site.
An email sent to customers blamed the leak on a company that handles part of Play.com’s marketing communications. In a statement, the site’s CEO John Perkins confirmed that “irregular activity”, believed to have taken place in December 2010, had been spotted by the firm’s internet service provider Silverpop and that customer’s email addresses had been released as a result.
He said that customers began telling Play.com that they were receiving spam emails, some to addresses attached to Play.com accounts on Sunday. He said that an investigation undertaken at the time suggested that no email addresses had been compromised. That has been subsequently proven incorrect.
Mr Perkins insisted that, in sending warning emails on Tuesday, the company had “reacted immediately”, allowing them to “take the necessary precautionary steps”. Play.com was unable to say how the breach occurred or how mnay people have been affected but a spokesman could categorically say that no other personal information was leaked.
He said: “We would like to assure all our customers that the only information communicated to Silverpop were email addresses. Silverpop and Play.com have taken all the necessary steps to ensure a security breach of this nature does not happen again.”
The company, one of the largest online retailers of games, DVDs and CDs, has been targeted for this kind of attack before. According to technology blog The Register, in 2009, a similar breach saw 24 order confirmation emails destined for other customers sent to one user.
The emails listed what items were ordered, email address, delivery address and payment method, but no other financial details.
Internet security firm Sophos is warning customers that, while Play.com say no credit card information has been stolen, “it is wise to keep your eye on your credit card transactions to ensure there is nothing amiss”.
In a blogpost, the firm told users to “consider changing their Play.com password and the associated email account password.” They also advised Play.com customers to use different passwords for different online accounts and not to open suspicious-looking emails.
I bolded the important bits.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599K Mortgages, Homes & Bills
- 177K Life & Family
- 257.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards