Play.com has emailed its customers again to shed more light on the security breach it revealed two days ago.
The online retailer’s CEO, John Perkins, said that the company was alerted to a security breach when some customers reported receiving spam email to addresses they only use for Play.com.
In an initial email alert to customers, Play.com said that a security breach at a third-party company that handles its marketing communications had had a security breach, which meant that “some customer names and email addresses may have been compromised.”
However, not all Play.com customers have received an email security alert, which suggests that those who did are the ones that have been compromised.
The company has now revealed that the third-party company is email service provider Silverpop, which has been managing Play.com’s email marketing since 2008.
“We believe this issue may be related to some irregular activity that was identified in December 2010 at our email service provider, Silverpop,” Perkins wrote.
“Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our email service provider was email addresses.”
Play.com said it has now taken “all the necessary steps” with Silverpop to ensure that the security breach does not occur again.
In addition, the company insisted that all other personal information, such as credit card details, addresses and passwords, are “kept in the very secure Play.com environment”, and that its e-commerce security is audited and tested “several times a year”.
Both companies have yet to return calls for comment on details of what security measures it has taken to prevent a similar security breach from occurring again.
However, Silverpop’s manager of corporate communications, Stacy Kirk, told the BBC: “Silverpop was among several technology providers targeted as part of a broader cyber attack that occurred in the fall of 2010.
In November 2009, Play.com customers reported problems with the retailer’s ordering system, as a number received emails from the company informing them of the despatch of orders they did not place.
These order emails contained personal details, including names and addresses, of other customers.