Data dilemma
Popular etailer Play.com has warned that the names and addresses of its customers might have been stolen from the third-party marketing firm it uses, but payment details are safe.
The Guardian reported that in a message sent to its customers, Play.com said that customer' payment details have not been affected.
It reportedly stressed that the breach took place outside Play.com and "no other personal customer information has been involved," apart from he names and addresses of course.
The site, which predominantly sells entertainment products, is reportedly the second largest gadget and games retailer in the UK, with Amazon number 1, so it seems a lot of Brits will potentially be affected as Play.com has around 7 million registered customers.
While it is believed that users' card details are safe, the breach could still put customers at risk of phishing scams and they could be bombarded with fake emails appearing to be from Play.com but asking them to confirm their details and crucially hand over passwords or card details.
Play.com apparently said in the email it is sending to customers: "We will never ask you for information such as passwords, bank account details or credit card numbers. If you receive anything suspicious in your email, please do not click on any links and forward the email to privacy@play.com for us to investigate."
It appears that the breach occurred over the weekend. One customer got in touch with The Guardian suspecting problems after getting a lot of spam email to an address he only used for Play.com orders.
He told the newspaper: "They said that they had already heard of this and anyone who contacted them would have their information passed to the IT department who were investigating, and would be contacted in due course. They repeated this statement ad nauseam when I inquired why I hadn't been proactively contacted since they store sensitive data including credit card numbers. They wouldn't let me speak to anyone else."
There was also a thread on Moneysavingexpert.com's forum of spam relating to Play.com, which suggests the breach happened at the weekend.
People have so far complained that Play.com has not provided information about exactlywhen the breach occurred that would make detecting fake emails easier for customers, while others have moaned that they cannot delete their saved credit card details from the website as a precaution incase their account is accessed by a criminal.
However, the official email explaining the breach from Play.com might set some customers' minds at rest as it reportedly said that users' credit card details and passwords are stored internally.
"Our database is maintained on a secure internal server that is not connected to the internet," it reportedly said.
