Anh Nguyen provides an update on a breach reported on this blog yesterday. At the time, I had raised the possibility that the breach might be linked to a previously known breach involving SilverPop. It turns out that was the explanation:
Play.com has emailed its customers again to shed more light on the security breach it revealed two days ago.
The online retailer’s CEO, John Perkins, said that the company was alerted to a security breach when some customers reported receiving spam email to addresses they only use for Play.com.
In an initial email alert to customers, Play.com said that a security breach at a third-party company that handles its marketing communications had had a security breach, which meant that “some customer names and email addresses may have been compromised.”
However, not all Play.com customers have received an email security alert, which suggests that those who did are the ones that have been compromised.
The company has now revealed that the third-party company is email service provider Silverpop, which has been managing Play.com’s email marketing since 2008.
Read more on Computerworld.