Tuesday, March 22, 2011

Play.com warns of security breach

Play.com has warned its customers to "be vigilant" after a security breach led to some personal information being compromised.

The retailer, which sells music, videos and games, blamed another company that it employs to do marketing.

It said that no payment details were stolen, but asked users to beware of spam e-mails containing harmful links.

The company has apologised saying it had "taken every step to make sure this doesn't happen again".

In a statement, Play.com's chief executive John Perkins said: "On Sunday 20 March some customers reported receiving a spam e-mail to e-mail addresses they only use for Play.com."

"We believe this issue may be related to some irregular activity that was identified in December 2010 at our e-mail service provider, Silverpop.

"Investigations at the time showed no evidence that any of our customer e-mail addresses had been downloaded.

"We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps."

The retailer, which operates out of Jersey, said that all of its customers had now been warned to be cautious of e-mails appearing to come from Play.com.

It has also requested that any suspicious messages be forwarded to privacy@play.com.

Cyber attack

US-based firm Silverpop was employed by the site in 2008 to manage e-mail marketing and communications.

Silverpop's manager of corporate communications, Stacy Kirk, told the BBC that the only security issue it had been affected by happened last year, and that it had notified all affected clients at the time.

"Silverpop was among several technology providers targeted as part of a broader cyber attack that occurred in the fall of 2010," she said.

"At that time, we very quickly stopped the attack, notified all customers impacted by the activity and began working with the FBI, law enforcement and third party security experts to help identify those responsible and take any additional steps necessary to ensure this did not happen again.

"Start Quote

On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue."

End Quote John Perkins CEO, Play.com

"We are confident that the breach last year remains an isolated incident."

Ms Kirk would not confirm that Play.com was among those contacted due to client confidentiality.

Some users on Twitter and in discussion forums have reported an increase in spam e-mail to accounts signed up to Play.com, with some of these e-mails containing links to websites containing malware.

Phishing scams are designed to trick users into believing they are sharing data with a company that they trust, and giving out personal information such as a credit card details.

However, it cannot be confirmed that the e-mails were sent as a result of the data breach at Play.com.

No notice

Some customers who received Play.com's warning e-mail questioned its validity as it did not refer to them by name.

Play.com's website currently contains no notice or guidance about the breach.

Many users have also complained that it is currently not possible to manually remove credit card details from the site.

Paul Vlissidis, technical director of IT security firm NGS Secure, said that such situations are a major concern for retailers and their customers.

"Online businesses, even those of Play.com's size, cannot afford the loss of reputation and customer trust that negligence of this type causes," he said.

"While it is a weakness in the security of a third party that has allowed this data breach, it is the responsibility of all organisations dealing with personal customer data to ensure comprehensive security audits have been carried out in all areas of outsourced work."

Mr Perkins has moved to re-assure customers that other data kept with Play.com is safe.

"We would also like to reassure our customers that all other personal information (i.e. credit cards, addresses, passwords, etc.) are kept in the very secure Play.com environment.

"Play.com has one of the most stringent internal standards of e-commerce security in the industry.

"On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue."



Powered By WizardRSS.com | Full Text RSS Feed | WordPress PluginHud 1

China rejects Google allegations

China's foreign ministry has rejected claims by Google that Beijing is disrupting access to its e-mail service in the country.

"This is an unacceptable accusation," ministry spokeswoman Jiang Yu told a regular news conference on Tuesday.

Google said on Monday that difficulties faced by users of its Gmail service was the result of government blocks.

Users say the interference coincided with an internet campaign calling for protests like those in the Middle East.

Google said it had found no technical issues, and blamed "a government blockage carefully designed to look like the problem is with Gmail".

Last year, Google said it had suffered cyber-attacks from China-based organisations intent on hacking into the Gmail accounts of Chinese rights activists.

The incident caused tensions between China and the United States, and led to Google reducing its presence in the Chinese market.

Beijing has always denied any state involvement in the cyber-attacks, and has in the past called such accusations "groundless".



Powered By WizardRSS.com | Full Text RSS Feed | WordPress PluginHud 1