We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Spam from "GSN" to e-mail address registered on Play.com
Options
Comments
-
From The Independant
http://blogs.independent.co.uk/2011/03/22/play-com-accounts-compromised-by-security-breach/#
I bolded the important bits.
I think the other important bits are :
" He said that an investigation undertaken at the time suggested that no email addresses had been compromised. That has been subsequently proven incorrect."
"Internet security firm Sophos is warning customers that, while Play.com say no credit card information has been stolen, “it is wise to keep your eye on your credit card transactions to ensure there is nothing amiss”."
"In a blogpost, the firm told users to “consider changing their Play.com password and the associated email account password.” They also advised Play.com customers to use different passwords for different online accounts and not to open suspicious-looking emails. "
So to my mind it seems that Play.com have lost a huge amount of credibility and are doing very little to assure anyone.0 -
Aha, thanks for that - the weak link in the chain is named. Looks like several sites' users were grabbed at the same time:
cyberinsecure.com/deviantart-members-emails-leaked-by-marketing-partner-silverpop-systems/
DeviantArt quit using SilverPop over this, I wonder if play.com will as well?
What is annoying is that play.com didn't come clean about this at the time. Had it been operating in California, US, it would have had a legal obligation to, afaik.0 -
Message from Play.com CEO John Perkins
Dear Customer,
As a follow up to the email we sent you last night, I would like to give you some further details. On Sunday the 20th of March some customers reported receiving a spam email to email addresses they only use for Play.com. We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps.
We believe this issue maybe related to some irregular activity that was identified in December 2010 at our email service provider, Silverpop. Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our email service provider was email addresses. Play.com have taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again.
We would also like to reassure our customers that all other personal information (i.e. credit cards, addresses , passwords, etc.) are kept in the very secure Play.com environment. Play.com has one of the most stringent internal standards of e-commerce security in the industry. This is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained. On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue .“Official Company Representative
I am the official company representative of Play.com. MSE has given permission for me to post in response to queries about the company, so that I can help solve issues. You can see my name on the companies with permission to post list. I am not allowed to tout for business at all. If you believe I am please report it to forumteam@moneysavingexpert.com This does NOT imply any form of approval of my company or its products by MSE"0 -
Play.com_Company_Representative wrote: »Message from Play.com CEO John Perkins
Dear Customer,
As a follow up to the email we sent you last night, I would like to give you some further details. On Sunday the 20th of March some customers reported receiving a spam email to email addresses they only use for Play.com. We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps.
We believe this issue maybe related to some irregular activity that was identified in December 2010 at our email service provider, Silverpop. Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our email service provider was email addresses. Play.com have taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again.
We would also like to reassure our customers that all other personal information (i.e. credit cards, addresses , passwords, etc.) are kept in the very secure Play.com environment. Play.com has one of the most stringent internal standards of e-commerce security in the industry. This is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained. On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue .
Next time it would be useful if, instead of allowing people to speculate, you would actually provide more detail rather than the slopey shouldered non-information which was emailed previously.0 -
Well said. The information from play.com has been shoddy to say the least, and getting information from them has been difficult to put it mildly.
They have assured us that 'only' email addresses and names have fallen into the wrong hands, yet apparently when this happened (back in December, which I wasn't even aware of) they said that no email addresses had been leaked .........
So, play.com - would you care to swear on your granny's grave that NO ADDRESSES, CARD DETAILS, ETC HAVE FALLEN INTO THE WRONG HANDS?
And does this 'leak' also affect people who use playusa.com ?0 -
Hi Play Rep,
Thanks for being here to answer concerns.
I emailed [EMAIL="privacy@play.com"]privacy@play.com[/EMAIL] on Sunday for more info, and having not heard anything, again today. Since the spam incident, I've not received an email from your firm. I am guessing therefore that not all customers affected by this have been emailed.
I've asked in my email for an easy way to remove credit card info from your database, as your user interface doesn't presently permit that. I appreciate credit card data has not leaked, but nevertheless, I've seen other retailers offer this, and it does permit the customer to control the storage of this sensitive data.
Would you find out whether this would be considered? Thanks.0 -
Hmm.. I haven't had any spam or an email advising me about the security breach. I don't get the newsletter though.There's a storm coming, Mr Johnson. You and your friends better batten down the hatches, because when it hits, you're all gonna wonder how you ever thought you could live so large and leave so little for the rest of us.0
-
GustyGardenGalaxy wrote: »So, play.com - would you care to swear on your granny's grave that NO ADDRESSES, CARD DETAILS, ETC HAVE FALLEN INTO THE WRONG HANDS?
I think that's been answered by the item above. Sure, I'd also rather have heard about the breach in December, but we are where we are. 0 -
-
We recently had something similar here, on this site. Big difference is that this site was very open about what had happenned, kept us informed of the steps being taken, etc. I know Play have lost my business by trying to 'spin' this - if you can't apologise honestly and take it on the chin, why should anyone trust you?0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599K Mortgages, Homes & Bills
- 177K Life & Family
- 257.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards