Apology from John Perkins, Play.com CEO SilverPop Leak

Following on from my tweet this morning, here is the letter from the Play.com CEO, John Perkins, regarding the suggested compromise of customer-related data.

Have a good read of the email below and then re-read it with the sections highlighted at the bottom.

The Email

Dear Customer,

As a follow up to the email we sent you last night, I would like to give you some further details. On Sunday the 20th of March some customers reported receiving a spam email to email addresses they only use for Play.com. We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps.

We believe this issue may be related to some irregular activity that was identified in December 2010 at our email service provider, Silverpop. Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our email service provider was email addresses. Play.com have taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again.

We would also like to reassure our customers that all other personal information (i.e. credit cards, addresses, passwords, etc.) are kept in the very secure Play.com environment. Play.com has one of the most stringent internal standards of e-commerce security in the industry. This is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained. On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue.

Best regards,

John

John Perkins
CEO
Play.com

Read it again

Read the mail again, this time note the following sections:

“Investigations at the time showed no evidence that any of our customer email addresses had been downloaded.”

And then this sentence:

“Play.com have taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again.”

Is it just me, or do these contradict each other?

2 replies
  1. dan barker says:

    hi, Matthew, how are you?

    I read it & don’t see a contradiction. Here’s my mental rewrite of your first quote:

    “At the time of the security breach, an investigation was carried out. It didn’t look like any Play customers’ email addresses had been gathered.”

    So at the time, they thought “great. there was a security breach, but we got off lightly. Let’s make sure everything is watertight so that we’re fine if anyone tries anything again.”

    Now it looks like some email addresses may have indeed got out there via Silverpop. They’re communicating that issue, and reassuring customers that they did treat it seriously at the time of the hack. Otherwise – they would get a ton of email replies saying “if the hack was in December, why didn’t you contact us then??”

    Though – as always – I could be getting the wrong end of the stick.

    dan

    ps. some great books on your reading list!

    • Matthew Ogborne says:

      Good morning Dan,

      Yes, you’re right it can be read that way and re-reading it this morning I do agree with the view you’ve taken.

      On a side note, “email addresses they only use for Play.com.” interesting that people are actually doing this, although in this instance, it can help identify an issue quickly.

      Matt
