Security at an adult Web site was breached last weekend when
hackers broke in to Playboy's online store.
Playboy officials confirmed that following the break-in, some
customers received e-mails from a computer hacker that contained
credit card numbers and other personal financial information.
The breach could affect customers who visited the online store as
far back as 1996, according to officials at the New York-based
company.
Laura Sigman, a Playboy.com spokeswoman, said the e-mails were
"poorly written" messages from a hacker who apparently used a
Playboy.com return address header to send the messages. Sigman said
technicians at Playboy.com discovered the security breach after
noticing "some unusual server activity" as the e-mails were
apparently being sent out.
In a follow-up e-mail sent out yesterday by Larry Lux, president of
Playboy.com, all customers who have made a purchase online in the
past five years were advised to contact their credit card companies
to be sure that no unauthorised purchases had been made.
Lux assured customers that the company is "taking a number of other
immediate measures to address this situation", including the hiring
of Kroll, a security consultant, to audit all of Playboy.com's
computer systems and prevent future attacks. Playboy.com has also
reported the breach to federal authorities and is co-operating in a
criminal investigation.
"Unfortunately, Playboy is only one of a number of high-profile
companies who have been subjected to this kind of malicious
hacking," Lux said in his e-mail to customers. "We recognise the
value that you place on your privacy and security and want to
assure you that we are doing everything possible to rectify the
situation."
The company wouldn't disclose the exact steps it is taking to
prevent future attacks, nor would officials describe how the
attacker entered the site.
Analysts offered mixed views about how the intrusion will affect
future shoppers at Playboy.com. Chad Robinson, an analyst at Robert
Frances Group, said that attacks like these have become well
publicised, but that they don't necessarily send customers fleeing.
"Playboy.com sells products which are in high demand," Robinson
said. "I don't think customers will stay away because a site has
been hacked." Instead, the message continues to be that buyers
should be careful where they give out their personal information
and should be sure they're protected by using true credit cards,
rather than debit cards, when shopping online, he said.
Playboy.com's reaction to the break-in was excellent, since the
company quickly e-mailed customers to advise them of the problem
and describe the steps being done to resolve it, he said.
Others think the incident hurts Playboy.com in the eyes of
customers. Charles Kolodgy, an analyst at IDC, said the attack
highlights the greatest fear of many online shoppers - that their
personal information will be stolen and used by thieves.
"It does cause some problems in that area," Kolodgy said. Some
customers may choose to shop at competing sites, he said. Or they
may still shop there but seek to use mail or phone payment
arrangements, if available.
Eric Hemmendinger, an analyst at Aberdeen Group, said customers do
remember such incidents. "This is bad news for Playboy.com," he
said.