Initial reports, including those published by Infosecurity, suggested that Play.com customer email addresses, names, and other account data was compromised via a breach that occurred at Silverpop, an email marketing company contracted by Play.com.
This included reports that Play.com customers had received spam to their email that was linked to their Play.com account.
Infosecurity, through its sister publication Computer Weekly, originally reported that the security breach may have included customer credit card details. The firm’s CEO, John Perkins, has refuted this claim, reiterating that the compromised information includes only customer names and email addresses.
“We believe this issue may be related to some irregular activity that was identified in December 2010 at our email service provider, Silverpop”, Perkins said in an email statement to Infosecurity, adding that the company’s investigation at the time of the incident showed no evidence that customer email addresses had been downloaded. “We would like to assure all our customers that the only information communicated to our email service provider was email addresses.”
Perkins also promised that Play.com has taken the necessary steps to ensure that its third-party email marketer does not fall victim to a similar breach in the future.
The firm’s CEO also apologized for the inconvenience the breach has caused its customers, including any uptick in email spam they may experience.
“We would also like to reassure our customers that all other personal information (i.e., credit cards, addresses, passwords, etc.) are kept in the very secure Play.com environment”, Perkins continued. “Play.com has one of the most stringent internal standards of e-commerce security in the industry...[and] is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained.”