    • DonnyDave
    • By DonnyDave 20th Mar 11, 2:20 PM
    • 1,568 Posts
    • 438 Thanks
    DonnyDave
    Spam from "GSN" to e-mail address registered on Play.com
    I have just received a spam message to play@mydomain which has only ever been given to online retailer Play.com:


    From: GSN - Play Every Day <GSNnews@email.gsn.com>
    Subject: Get more done, much faster, with Acrobat X PDF Reader. Upgrade Available Now
    __________
    GETTING MORE DONE AT WORK NOW COMES IN A CONVENIENT BOX

    See how Adobe Acrobat X Reader is a step above anything you've experienced before, so you can be even more productive.

    Upgrade now: <spam link removed>

    Just how much faster can you work with Adobe Acrobat PDF Reader
    software? Fast enough to stay on top of last-minute changes, connect
    with key decision makers, and share updates with co-workers.

    You'll discover how easy it is to reuse content by exporting PDF files
    to Microsoft Word or Excel formats. And how quickly you can automate
    multi-step tasks with new, guided Actions. No wonder PC Magazine
    says, "There's a lot to like in Acrobat X PDF Reader." See for yourself at :

    <spam link removed>

    Copyright 2011 Adobe Systems Incorporated. All rights reserved.

    Adobe Systems Incorporated
    343 Preston Street
    Ottawa, ON K1S 1N4
    Canada
    I am concerned that this may be as a result of a security breach at Play.com.
    Last edited by DonnyDave; 20-03-2011 at 11:09 PM. Reason: Link removed
    Dave
    Say no to 0870!
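
The check the post above relies on (an address given to one retailer only receiving mail from an unrelated sender), sketched as an added example that is not part of the original thread. The domain `mydomain.example`, the `EXPECTED` mapping and both sample messages are constructed assumptions; only the From and Subject lines of the first sample come from the post.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "mydomain.example"   # constructed stand-in for the poster's own domain
# Alias local part -> sender domains expected for that retailer (assumed values).
EXPECTED = {"play": {"play.com"}}
RCPT_HEADERS = ("Delivered-To", "X-Original-To", "To", "Cc")

# Constructed sample: From/Subject as quoted in the post, recipient assumed.
SPAM = (
    "From: GSN - Play Every Day <GSNnews@email.gsn.com>\n"
    "To: play@mydomain.example\n"
    "Subject: Get more done, much faster, with Acrobat X PDF Reader. "
    "Upgrade Available Now\n"
    "\n"
    "body omitted\n"
)
# Constructed sample of mail that matches the alias's expected sender.
RETAILER_MAIL = (
    "From: Play.com <news@email.play.com>\n"
    "To: play@mydomain.example\n"
    "Subject: Your order\n"
    "\n"
    "body omitted\n"
)


def sender_domain(msg):
    """Domain of the From: address, lower-cased ('' if it cannot be parsed)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def leaked_alias(raw):
    """Return (alias, sender_domain) when a single-retailer alias received mail
    from a domain outside that retailer's expected set, else None.

    From: can be forged, so a match proves nothing about legitimacy; a
    mismatch on an address given to one party only is the useful signal.
    """
    msg = message_from_string(raw)
    dom = sender_domain(msg)
    values = [v for h in RCPT_HEADERS for v in msg.get_all(h, [])]
    for _, rcpt in getaddresses(values):
        local, _, rdom = rcpt.lower().rpartition("@")
        if rdom != MY_DOMAIN or local not in EXPECTED:
            continue   # not one of our per-retailer aliases
        if not any(dom == d or dom.endswith("." + d) for d in EXPECTED[local]):
            return local, dom
    return None


if __name__ == "__main__":
    print(leaked_alias(SPAM), leaked_alias(RETAILER_MAIL))
```

A hit names the alias, and therefore the party the address was given to, which is what lets a recipient report the leak to the right company.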
    • Gordon861
    • By Gordon861 22nd Mar 11, 2:08 PM
    • 281 Posts
    • 153 Thanks
    Gordon861
    From The Independent
    http://blogs.independent.co.uk/2011/03/22/play-com-accounts-compromised-by-security-breach/#

    Play.com accounts compromised by security breach

    By Kevin Rawlinson

    Online games store Play.com has admitted that customer names and email addresses were leaked as a result of a security breach after users complained of receiving spam emails to addresses they use only to monitor their accounts on the site.

    An email sent to customers blamed the leak on a company that handles part of Play.com’s marketing communications. In a statement, the site’s CEO John Perkins confirmed that “irregular activity”, believed to have taken place in December 2010, had been spotted by the firm’s internet service provider Silverpop and that customers’ email addresses had been released as a result.
    He said that customers began telling Play.com that they were receiving spam emails, some to addresses attached to Play.com accounts on Sunday. He said that an investigation undertaken at the time suggested that no email addresses had been compromised. That has been subsequently proven incorrect.

    Mr Perkins insisted that, in sending warning emails on Tuesday, the company had “reacted immediately”, allowing them to “take the necessary precautionary steps”. Play.com was unable to say how the breach occurred or how many people have been affected but a spokesman could categorically say that no other personal information was leaked.

    He said: “We would like to assure all our customers that the only information communicated to Silverpop were email addresses. Silverpop and Play.com have taken all the necessary steps to ensure a security breach of this nature does not happen again.”

    The company, one of the largest online retailers of games, DVDs and CDs, has been targeted for this kind of attack before. According to technology blog The Register, in 2009, a similar breach saw 24 order confirmation emails destined for other customers sent to one user.
    The emails listed what items were ordered, email address, delivery address and payment method, but no other financial details.

    Internet security firm Sophos is warning customers that, while Play.com say no credit card information has been stolen, “it is wise to keep your eye on your credit card transactions to ensure there is nothing amiss”.

    In a blogpost, the firm told users to “consider changing their Play.com password and the associated email account password.” They also advised Play.com customers to use different passwords for different online accounts and not to open suspicious-looking emails.
    I bolded the important bits.
    • Equaliser123
    • By Equaliser123 22nd Mar 11, 2:21 PM
    • 3,321 Posts
    • 2,485 Thanks
    Equaliser123
    Originally posted by Gordon861
    I think the other important bits are :

    " He said that an investigation undertaken at the time suggested that no email addresses had been compromised. That has been subsequently proven incorrect."

    "Internet security firm Sophos is warning customers that, while Play.com say no credit card information has been stolen, “it is wise to keep your eye on your credit card transactions to ensure there is nothing amiss”."

    "In a blogpost, the firm told users to “consider changing their Play.com password and the associated email account password.” They also advised Play.com customers to use different passwords for different online accounts and not to open suspicious-looking emails. "

    So to my mind it seems that Play.com have lost a huge amount of credibility and are doing very little to assure anyone.
  • halfer
    Aha, thanks for that - the weak link in the chain is named. Looks like several sites' users were grabbed at the same time:

    cyberinsecure.com/deviantart-members-emails-leaked-by-marketing-partner-silverpop-systems/

    DeviantArt quit using SilverPop over this, I wonder if play.com will as well?

    What is annoying is that play.com didn't come clean about this at the time. Had it been operating in California, US, it would have had a legal obligation to, afaik.
  • Play.com Company Representative
    Message from Play.com CEO John Perkins

    Dear Customer,

    As a follow up to the email we sent you last night, I would like to give you some further details. On Sunday the 20th of March some customers reported receiving a spam email to email addresses they only use for Play.com. We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps.

    We believe this issue may be related to some irregular activity that was identified in December 2010 at our email service provider, Silverpop. Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our email service provider was email addresses. Play.com have taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again.

    We would also like to reassure our customers that all other personal information (i.e. credit cards, addresses, passwords, etc.) are kept in the very secure Play.com environment. Play.com has one of the most stringent internal standards of e-commerce security in the industry. This is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained. On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue.
    Official Company Representative
    I am the official company representative of Play.com. MSE has given permission for me to post in response to queries about the company, so that I can help solve issues. You can see my name on the companies with permission to post list. I am not allowed to tout for business at all. If you believe I am, please report it to forumteam@moneysavingexpert.com. This does NOT imply any form of approval of my company or its products by MSE.
    • Equaliser123
    • By Equaliser123 22nd Mar 11, 3:59 PM
    • 3,321 Posts
    • 2,485 Thanks
    Equaliser123
    Message from Play.com CEO John Perkins

    Dear Customer,

    As a follow up to the email we sent you last night, I would like to give you some further details. On Sunday the 20th of March some customers reported receiving a spam email to email addresses they only use for Play.com. We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps.

    We believe this issue may be related to some irregular activity that was identified in December 2010 at our email service provider, Silverpop. Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our email service provider was email addresses. Play.com have taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again.

    We would also like to reassure our customers that all other personal information (i.e. credit cards, addresses, passwords, etc.) are kept in the very secure Play.com environment. Play.com has one of the most stringent internal standards of e-commerce security in the industry. This is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained. On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue.
    Originally posted by Play.com Company Representative
    Next time it would be useful if, instead of allowing people to speculate, you would actually provide more detail rather than the slopey shouldered non-information which was emailed previously.
    • GustyGardenGalaxy
    • By GustyGardenGalaxy 22nd Mar 11, 4:07 PM
    • 659 Posts
    • 243 Thanks
    GustyGardenGalaxy
    Well said. The information from play.com has been shoddy to say the least, and getting information from them has been difficult to put it mildly.

    They have assured us that 'only' email addresses and names have fallen into the wrong hands, yet apparently when this happened (back in December, which I wasn't even aware of) they said that no email addresses had been leaked .........

    So, play.com - would you care to swear on your granny's grave that NO ADDRESSES, CARD DETAILS, ETC HAVE FALLEN INTO THE WRONG HANDS?

    And does this 'leak' also affect people who use playusa.com ?
  • halfer
    Hi Play Rep,

    Thanks for being here to answer concerns.

    I emailed privacy@play.com on Sunday for more info, and having not heard anything, again today. Since the spam incident, I've not received an email from your firm. I am guessing therefore that not all customers affected by this have been emailed.

    I've asked in my email for an easy way to remove credit card info from your database, as your user interface doesn't presently permit that. I appreciate credit card data has not leaked, but nevertheless, I've seen other retailers offer this, and it does permit the customer to control the storage of this sensitive data.

    Would you find out whether this would be considered? Thanks.
    • Lip_Stick
    • By Lip_Stick 22nd Mar 11, 4:38 PM
    • 2,244 Posts
    • 5,911 Thanks
    Lip_Stick
    Hmm.. I haven't had any spam or an email advising me about the security breach. I don't get the newsletter though.
    There's a storm coming, Cameron. You and your friends better batten down the hatches, because when it hits, you're all gonna wonder how you ever thought you could live so large and leave so little for the rest of us.
  • halfer
    So, play.com - would you care to swear on your granny's grave that NO ADDRESSES, CARD DETAILS, ETC HAVE FALLEN INTO THE WRONG HANDS?
    Originally posted by GustyGardenGalaxy
    I think that's been answered by the item above. Sure, I'd also rather have heard about the breach in December, but we are where we are.
    • Equaliser123
    • By Equaliser123 22nd Mar 11, 5:20 PM
    • 3,321 Posts
    • 2,485 Thanks
    Equaliser123
    I think that's been answered by the item above. Sure, I'd also rather have heard about the breach in December, but we are where we are.
    Originally posted by halfer
    I think the point is that their credibility can be seriously called into question.
    • paddyrg
    • By paddyrg 22nd Mar 11, 5:34 PM
    • 13,113 Posts
    • 11,189 Thanks
    paddyrg
    We recently had something similar here, on this site. Big difference is that this site was very open about what had happened, kept us informed of the steps being taken, etc. I know Play have lost my business by trying to 'spin' this - if you can't apologise honestly and take it on the chin, why should anyone trust you?
  • Internet Pawn
    Message from Play.com CEO John Perkins

    Dear Customer,

    As a follow up to the email we sent you last night, I would like to give you some further details. On Sunday the 20th of March some customers reported receiving a spam email to email addresses they only use for Play.com. We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps. ...
    Originally posted by Play.com Company Representative
    Thanks for the update, Play company rep, but it seems either your CEO has been misinformed or he is being disingenuous. Play's first action when I reported this issue was to deny it completely - others here also received the same response. Only when it became clear that that wouldn't wash did Play admit the possibility (only the possibility, mind) that data may have been misused. And now it transpires that the potential security breach they have only now chosen to tell us about is something they have known about since December.

    It doesn't exactly inspire confidence, does it?
    Last edited by Internet Pawn; 22-03-2011 at 6:15 PM. Reason: spelling
  • Cybergeek
    Message from Play.com CEO John Perkins

    ...We believe this issue may be related to some irregular activity that was identified in December 2010 at our email service provider, Silverpop.
    Originally posted by Play.com Company Representative
    John,

    I'm shocked that a company with an otherwise excellent reputation like Play.com would use Silverpop. Looking at WOT and a quick Google search tells me that people have long suspected Silverpop systems have been used for spam. Have you seen http://cyberinsecure.com/deviantart-members-emails-leaked-by-marketing-partner-silverpop-systems/ ?? It seems Silverpop have a generally lax approach to the security of clients' data.

    John, please will you confirm to MSE readers that Play.com has severed its business relationship with Silverpop? I would urge you to bring this marketing function back in-house.
    • mime20
    • By mime20 22nd Mar 11, 8:29 PM
    • 35 Posts
    • 13 Thanks
    mime20
    I received the email today (I wasn't going to open it as I thought it might be junk), then I looked in my junk folder & there was an email there which was from my name & my email address which I knew I hadn't sent. So it looks like something more than just random spam is going on. My email password is different from my play password but don't know what's happening. Advice please (play not being helpful)
  • butters
    w ww.bbc.co.uk/news/technology-12819330

    I'm not allowed to post links but looks like the BBC have picked up on this too
  • dragonmeat
    Their "message to customers" reads more like it was written for the benefit of the media and Play's lawyers

    By "we reacted immediately", he presumably means "we fobbed off our customers with factually incorrect boilerplate responses until the volume of complaints reached critical mass".
  • dragonmeat
    John, please will you confirm to MSE readers that Play.com has severed its business relationship with Silverpop? I would urge you to bring this marketing function back in-house.
    Originally posted by Cybergeek
    They're quoted as saying they've taken "every step" to ensure this doesn't happen again. So presumably yes.
    • DonnyDave
    • By DonnyDave 22nd Mar 11, 11:20 PM
    • 1,568 Posts
    • 438 Thanks
    DonnyDave
    And The Guardian:

    http://www.guardian.co.uk/technology/2011/mar/22/play-customer-details-leaked
    Dave
    Say no to 0870!
    • Redcase
    • By Redcase 22nd Mar 11, 11:31 PM
    • 101 Posts
    • 107 Thanks
    Redcase
    I changed my email early this afternoon and received a confirmation email right away. This second email from John at play was sent to my original address; does this mean that they are outsourcing their responses? Sorry if I am being thick, but if they acknowledged the change in email right away, why did they send their email from John to my old one 8 hours later? Also, could the credit card storage be optional please?

    John from play could you get back to me on this when you are back on and posting. Thank you
    Last edited by Redcase; 22-03-2011 at 11:44 PM. Reason: mistook and more questions
    • lizards
    • By lizards 23rd Mar 11, 12:06 AM
    • 219 Posts
    • 62 Thanks
    lizards
    Interestingly despite getting the dodgy email to both my play@... and play247@... addresses, I've only been getting the "apology" emails to my play@ address. The other one I have not used for years and had forgotten it even existed. So I guess not everyone will get one - either that or they don't realise just how far back the leaked email addresses went.