14 DAY TRIAL // Play.com, one of the largest online UK retailers of video games, books and DVDs, has apologized for a wave of malicious spam received by its customers and said that it's possibly connected to a breach at an email marketing company called Silverpop.
According to The Register, Play.com customers began receiving rogue email messages on Monday which advertised Adobe Reader upgrades but actually led to malware.
Affected individuals were able to track down the problem to Play.com, because they only registered their email addresses with the website.
After being notified of the problem, the company alerted all customers of the threat and apologized for the incident.
Play.com chief executive John Perkins explained that the company's systems have not been compromised, but the email database might have been stolen from their email marketing partner, Silverpop.
Silverpop's systems were breached last year and email databases for more than one hundred of its clients have been compromised.
Affected companies include deviantART, McDonald's, Walgreens and Honda Motor. Walgreens customers were already targeted by phishers as a result of the incident.
According to Perkins, Play.com did not notify customers earlier because "investigations at the time showed no evidence that any of our customer email addresses had been downloaded."
"We would like to assure all our customers that the only information communicated to our email service provider was email addresses. Play.com has taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again," he added.
This incident raises questions about the industry practice of contracting third parties to perform activities that deal with personal information. Users agree to provide data to the companies they trust, without being aware that it might end up in the databases of some other organization they know nothing about.