Customer information exposed by Playboy hacker

Security at an adult Web site was breached last weekend when hackers broke in to Playboy's online store.

Security at an adult Web site was breached last weekend when hackers broke in to Playboy's online store.

Playboy officials confirmed that following the break-in, some customers received e-mails from a computer hacker that contained credit card numbers and other personal financial information.

The breach could affect customers who visited the online store as far back as 1996, according to officials at the New York-based company.

Laura Sigman, a spokeswoman, said the e-mails were "poorly written" messages from a hacker who apparently used a return address header to send the messages. Sigman said technicians at discovered the security breach after noticing "some unusual server activity" as the e-mails were apparently being sent out.

In a follow-up e-mail sent out yesterday by Larry Lux, president of, all customers who have made a purchase online in the past five years were advised to contact their credit card companies to be sure that no unauthorised purchases had been made.

Lux assured customers that the company is "taking a number of other immediate measures to address this situation", including the hiring of Kroll, a security consultant, to audit all of's computer systems and prevent future attacks. has also reported the breach to federal authorities and is co-operating in a criminal investigation.

"Unfortunately, Playboy is only one of a number of high-profile companies who have been subjected to this kind of malicious hacking," Lux said in his e-mail to customers. "We recognise the value that you place on your privacy and security and want to assure you that we are doing everything possible to rectify the situation."

The company wouldn't disclose the exact steps it is taking to prevent future attacks, nor would officials describe how the attacker entered the site.

Analysts offered mixed views about how the intrusion will affect future shoppers at Chad Robinson, an analyst at Robert Frances Group, said that attacks like these have become well publicised, but that they don't necessarily send customers fleeing.

" sells products which are in high demand," Robinson said. "I don't think customers will stay away because a site has been hacked." Instead, the message continues to be that buyers should be careful where they give out their personal information and should be sure they're protected by using true credit cards, rather than debit cards, when shopping online, he said.'s reaction to the break-in was excellent, since the company quickly e-mailed customers to advise them of the problem and describe the steps being done to resolve it, he said.

Others think the incident hurts in the eyes of customers. Charles Kolodgy, an analyst at IDC, said the attack highlights the greatest fear of many online shoppers - that their personal information will be stolen and used by thieves.

"It does cause some problems in that area," Kolodgy said. Some customers may choose to shop at competing sites, he said. Or they may still shop there but seek to use mail or phone payment arrangements, if available.

Eric Hemmendinger, an analyst at Aberdeen Group, said customers do remember such incidents. "This is bad news for," he said.

Read more on Antivirus, firewall and IDS products