Play.com admits to email losses during security breach

PLAY.COM'S CEO John Perkins has claimed that a security breach at its email service provider Silverpop led to the release of customer email addresses.

In an official statement Perkins explained that his firm thinks the security breach occurred in December when "irregular activity" was spotted. But it was not until Sunday 20 March that Play.com customers started getting spam email.

In a rather embarrassing double fluff not only was Silverpop's security apparently breached but the investigation of irregular activity in December, which is thought to be the breach, drew a blank. Play.com thinks that irregular activity was when the email addresses were downloaded but how can it be sure?

On 20 March Play.com informed its customers of the email loss and advised them to take precautionary action. In Perkins statement he says, "We would also like to reassure our customers that all other personal information (i.e. credit cards, addresses, passwords, etc.) are kept in the very secure Play.com environment."

Going on, and on, and apologising Perkins asserts that Play.com has one of the most "stringent internal standards of e-commerce security" and mentions that this is audited several times a year by "leading internet security companies". Hopefully not HBGary.

However warm Perkins words might be, The INQUIRER wonders why the December investigation came up with nothing. Either someone missed a breach or the breach occurred somewhere else, or at some other time entirely. µ