Play.com warns customers of details leak

by Sarah Griffiths on 22 March 2011, 10:57

Tags: Play.com

Quick Link: HEXUS.net/qa47h

Add to My Vault: x

Data dilemma

Popular etailer Play.com has warned that the names and addresses of its customers might have been stolen from the third-party marketing firm it uses, but payment details are safe.

The Guardian reported that in a message sent to its customers, Play.com said that customer' payment details have not been affected.

It reportedly stressed that the breach took place outside Play.com and "no other personal customer information has been involved," apart from he names and addresses of course.

The site, which predominantly sells entertainment products, is reportedly the second largest gadget and games retailer in the UK, with Amazon number 1, so it seems a lot of Brits will potentially be affected as Play.com has around 7 million registered customers.

While it is believed that users' card details are safe, the breach could still put customers at risk of phishing scams and they could be bombarded with fake emails appearing to be from Play.com but asking them to confirm their details and crucially hand over passwords or card details.

Play.com apparently said in the email it is sending to customers: "We will never ask you for information such as passwords, bank account details or credit card numbers. If you receive anything suspicious in your email, please do not click on any links and forward the email to privacy@play.com for us to investigate."

It appears that the breach occurred over the weekend. One customer got in touch with The Guardian suspecting problems after getting a lot of spam email to an address he only used for Play.com orders.

He told the newspaper: "They said that they had already heard of this and anyone who contacted them would have their information passed to the IT department who were investigating, and would be contacted in due course. They repeated this statement ad nauseam when I inquired why I hadn't been proactively contacted since they store sensitive data including credit card numbers. They wouldn't let me speak to anyone else."

There was also a thread on Moneysavingexpert.com's forum of spam relating to Play.com, which suggests the breach happened at the weekend.

People have so far complained that Play.com has not provided information about exactlywhen the breach occurred that would make detecting fake emails easier for customers, while others have moaned that they cannot delete their saved credit card details from the website as a precaution incase their account is accessed by a criminal.

However, the official email explaining the breach from Play.com might set some customers' minds at rest as it reportedly said that users' credit card details and passwords are stored internally.

"Our database is maintained on a secure internal server that is not connected to the internet," it reportedly said.



HEXUS Forums :: 11 Comments

Login with Forum Account

Don't have an account? Register today!
I barely use them anymore as their customer service is terrible, their delivery is slow and prices are cheaper elsewhere. I just wish I had of cancelled my account now . . . .
I didn't get any email!
I received this email, quite shocking really.
i recieved the email this morning on my current registered email address and on my old registered address too. I guess they dont discard email addresses when you change as i changed my email address about 5 months ago.
Hmm, I guess I'm glad my play.com account is registered to a gmail account which gets spammed anyway but I hope play.com get hit really hard for this, there's simply no excuse for losing data.
I'll be changing my password as a precaution but I hate the way play.com stores card details and bypasses the card company's extra verification layer (not the only one to operate like this, mind).
I also very rarely buy from them now, and this isn't exactly going to gain my business!