Feeds

back to article Play.com: Only customer emails lost in data breach

Online retailer Play.com has named its marketing partner Silverpop as the guilty party behind the disclosure of customer names and email addresses. The breach led to distribution of spam to email addresses only registered with the online retailer on Sunday, a development that led to howls of protest from users. These emails …

COMMENTS

This topic is closed for new posts.
Coat

Was it just me?

Did anyone else read the companies name as 'Silverpoop'?

2
1
Anonymous Coward

Still doesn't answer questions

about why they give peoples details to a third party when you told them they can't do that at the time you signed up for an account.

3
0

Don't mind so much...

If it's passed on for the explicit purpose that the original agreement was for (they can tell me about Play.com deals etc., and status updates on orders I make). If I ever found one about other products, then sure I get uppity (I got uppity; I key email addresses to vendors, so this was very much an anomaly).

My rule #1 on the net is "Everyone can be cracked". All you can do is decide where to put the risk to get what you want to do done..

0
0
Stop

Because...

...Silverpop are providing them with a service, managing their email marketing; the email addresses wouldn't (shouldn't) be used for anything other than Play's use.

'Sharing with a third party' in this context means selling or giving the data to other companies for their own use/profit. If Play gave your email address to a double glazing company, that'd be a breach of the data protection contract. If they hire a third party company to do customer data analysis or handle mailing, it's fair enough.

A good equivalent example would be snail mail. When you tick the 'don't share my mailing details' box on Play, you'd expect to only receive post from Play. However, they give your address to the Royal Mail, to deliver the letter to yourself. Do you want to complain about that blatant breach of privacy? ;)

Of course, it's up to any company that retains customer details to make sure they're held securely, and blaming a third party for a data breach is no excuse. Choice of who looks after the data is just as important as your own defences.

0
0
Flame

But Play.com Tell the Customer to be Careful

I received one of the Play.com emails this morning, so assume my email address has been harvested.

OK, these things happen, but why oh why does Play.com then end their email with the following "advice", as if the customer is in any at fault...!

Customer Advice

Please do be vigilant with your email and personal information when using the internet.

0
0
WTF?

I read it the same

Its all your fault for being stupid and giving your details to such a mickey mouse company.

Well I can quickly remidy that.

Angry email following with a delete account instruction

0
0

Never got the apology mail..

There again, I never got the spam mails either and I've been a Play customer for many years.

I wonder if they were only giving come customer's details to the thrid party.

0
0
FAIL

tit-le

Play have been a sack of shit for sometime now. I won't use them unless I really have to these days.

1
2

I stopped using them

When they started insisting on using the 3D secure type things

1
0
Thumb Down

Frustrating

>> When they started insisting on using the 3D secure type things

AND still insisting on sending electronics items to the card holders address. If I've done 3D secure verification they should send it to any of my registered addresses.

0
0
Bronze badge
FAIL

It looks

Like silverpop is just a marketing email service of some sort.

I suspect its more likely that the either play.com lost a password or someone on the inside sold a list.

0
0
Stop

Been receiving spam for weeks on my play.com address

i've been receiving these adobe X update emails for weeks on my play.com only email addresses.

what i haven't received is he email from play about the breech.

0
0
Anonymous Coward

Silverpop...

Same guys? http://www.theregister.co.uk/2010/12/15/silverpop_breach_probe/

3
0

Good spot anon

well spotted it does appear to be the same company, and that appears to be the data theft in question.

0
0
Anonymous Coward

Unsurprisingly nothing...

Unsurprisingly nothing (apology / explanation etc.) on the Silverpop web site about what happened ;-(

0
0

Spam but no email from play.com here either

Like nigel 15, above, I received the spam email apparently about Adobe, but nothing from play.com about the breach, so I'm not sure play.com is entirely accurate when it says that "all [their] customers" were informed.

0
0
FAIL

Oops - not the first time then...

Oops - not the first time then...

http://www.silverpop.com/blogs/email-marketing/misc/information-security-at-silverpop.html

0
0

got spammed, but no warning email

I got the spam on sunday; but I have received no email from play.com warning me about this any time between december last year and today.

I am extremely concerned that my email address is being passed to third parties when I have explicitly stated in my account settings that I do not want to receive their newsletter.

This sounds like a contravention of data protection laws to me.

0
0
Silver badge
FAIL

Very annoyed

Read the email this morning and summed it up as "it's a third party, so not our fault, we're brilliant"

Third party or not, Play retain all responsibility and accountability, and to try and deflect it in the apology is a very poor course of action indeed. Thank God I use a disposable email account for all the companies I use.

0
0
Paris Hilton

Closed account

Logged on to play, only to fine there is NO close account, so I have emailed them to formally requested to close my account and delete all my personal details. I would recommend we all do the same as there is nothing like losing accounts to force them to take more care with personal details - or just not tell us when they lose them next time.

Paris as she is always losing her personal stuff

0
0
Thumb Down

Send play the spam

At the bottom of plays email it mentions about reporting anything suspicious to privacy@play.com so they can investigate.

So I forwarded my 'Official' Adobe email to play and I think it would good if everyone did the same.

Its the first spam email I've recieved in that account after 5 years (used it loads of different things). Poor show play especially for diverting the blame away from themselves when its a company they themselves appointed...

1
0
Unhappy

Of course this was not a one off...

Of course this was not a one off - their customer list is now in the hands of virus writers / spammers who will surely pass it on to others - so expect to receive more of these.

Very annoyed - just asked Play to 'remove' my account - will be interesting if they do!

0
0
Stop

You can do everything but..

...close your account it seems.

Got another piss-poor email last night apologising for any inconvenience caused by the Spam.

No apology for their mistake. Has this been reported to the information commissionaire?

Also got a specail offer email from them. Bloody cheek

0
0
Anonymous Coward

Are they still using Silverpop??

Are they still using Silverpop?? Hope not - although the damage has been done.

Where is the line between it being an unavoidable criminal theft and them / their service provider being negligent?

0
0
Thumb Down

In summary

All the personal information you hand over to Play is treated to "one of the most stringent internal standards of e-commerce security in the industry" except for the bits they outsource to "cheap as humanly possible" partners, who may apply rather less rigorous standards in order to cut costs. Play also reserve the right not to fess up to any information haemorrhage unless users actually catch them out, in which case they'll move very quickly to blame someone else, who they will now refer to as "supplier" rather than the previously chummy "partner".

2
0

Prrof of account deletion?

Still no email from play.com despite getting spam, (same as frankster).

Considering also closing my account, but wonder if I can request proof that my details are fully gone from their systems. Not so sure trying to login once account has been "deleted" and not being able to still doesn't mean they hold info on me.

0
0
Flame

We're a Silverpop customer

AC for obvious reasons.

Wasn't aware that they had been fingered in so many data losses. Might have to rethink using them...

@James 12

Even asking play.com to remove your details probably won't stop you getting spam - someone got the email list from silverpop, not from play. Now they have the list, they aren't going to be validating it against play.com's data...

0
0
FAIL

BS...

"We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps."

As a long standing customer I did not recieve this email, so the guy is clearly talking BS. I won't be ordering anything from Play.com in the near future.

0
0
Thumb Down

They rely on their terms and conditions

Play.com, like many companies, probably believe that they can negate statutory law with terms in their standard form civil contracts - their terms and conditions and their privacy policy. This just isn't true and any term that is incompatible with the DPA98 is likely to be deemed unfair by a court of law.

Also, if they've passed your details on to a third party against your wishes, check that you've not entered any of their competitions as you have to opt-out again at the very bottom of each competition form. I have raised this with Paul Vane from the Jersey ICO on a number of occasions but he said that there was nothing that he could do about it.

Your best bet is to submit a complaint to the Jersey ICO; the more complaints they receive about a company the more they're likely to take action.

0
0

Emails, what emails?

I've been a Play customer for years, though I don't recall seeing any dodgy emails or even apology emails.

0
0
WTF?

Why a webbug?

I got the second letter from play.com today. I didn't get the first letter a day or so ago, and I didn't get notified at the time of the breach; but then, I didn't get the spam emails either.

So I assume that play.com have written to everybody who *might* have been compromised, because they and Silverpop-goes-your-confidentiality don't actually know whose addresses were lost and whose weren't.

But ooh lookee, lookee, what's this at the bottom of the latest email?

http://open.newsletters.play.com/open/log/4794517/Njk0MDUyNTc3MAS2/0/MTc0NjI0MTk5S0/1/0

Well, well, it's a 1x1 blank gif that you wouldn't see if you weren't using a text-only email reader.

Now, what exactly is a company that said in its first letter (quote) "We take privacy and security very seriously" up to, in employing covert webbugs in its customer correspondence?

0
0
Thumb Down

Old-tech tracking

Just checked mine, and that is VERY naughty :(

That will be me off their newsletter list, and checking any order e-mails for similar spying!

0
0

Reacted immediately? No way

Their claims that they "reacted immediately" and investigated things in December are completely bogus .. I got the "Adobe update" email on my Play.com-only address in the middle of December and informed Play at the time. Their response was basically "All our systems are perfectly secure, this could not have been our fault"

0
0
This topic is closed for new posts.