- Security at Playboy.com's online store was breached last weekend, and some customers later received emails from a computer hacker that contained credit card numbers and other personal financial information, Playboy officials confirmed this week.
The breach could affect customers who visited the online store as far back as 1996, according to officials at the New York-based company.
Laura Sigman, a Playboy.com spokeswoman, says the emails were "poorly written" messages from a hacker who apparently used a Playboy.com return address header to send the messages. Sigman says technicians at Playboy.com discovered the security breach after noticing "some unusual server activity" as the emails were apparently being sent out.
In a follow-up email sent out yesterday by Larry Lux, president of Playboy.com, all online customers in the past five years were advised to contact their credit card companies to be sure that no unauthorised purchases had been made on their cards.
In his email, Lux assured customers that the company is "taking a number of other immediate measures to address this situation," including the hiring of New York-based Kroll, a security and investigations consultant, to audit all of Playboy.com's computer systems and prevent future attacks. Playboy.com has also reported the breach to federal authorities and is cooperating in a criminal investigation.
"Unfortunately, Playboy is only one of a number of high-profile companies who have been subjected to this kind of malicious hacking," Lux said in his email to customers. "We recognise the value that you place on your privacy and security and want to assure you that we are doing everything possible to rectify the situation."
The Playboy.com store has been online for about five years. The company wouldn't disclose the exact steps it's taking to prevent future attacks, nor would officials describe how the attacker entered the site.
Analysts offered mixed views about how the intrusion will affect future shoppers at Playboy.com.
Chad Robinson, an analyst at Robert Frances Group in Westport, Connecticut, says that attacks like these have become well publicised, but that they don't necessarily send customers fleeing.
"Playboy.com sells products which are in high demand," Robinson says. "I don't think customers will stay away because a site has been hacked." Instead, the message continues to be that buyers should be careful where they give out their personal information and should be sure they're protected by using true credit cards, rather than debit cards, when shopping online, he says.
Playboy.com's reaction to the break-in was excellent, since the company quickly emailed customers to advise them of the problem and describe the steps being done to resolve it, he says. "All of those are confidence builders" for customers, he says. "I think that's a good step."
Others think the incident hurts Playboy.com in the eyes of customers.
Charles Kolodgy, an analyst at International Data Corporation in Framingham, Massachusetts, says the hacker attack highlights the greatest fear of many online shoppers -- that their personal information will be stolen and used by thieves.
"It does cause some problems in that area to recover from," Kolodgy says. Some customers may choose to shop at competing sites, he says. Or they may still shop there but seek to use mail or phone payment arrangements, if available.
Eric Hemmendinger, an analyst at Aberdeen Group in Boston, says customers do remember such incidents harshly.
"This is bad news for Playboy.com," he says. The invasion demonstrates that what a company does or doesn't do to ensure security online can leave it vulnerable if protections aren't adequate. "That image is particularly well suited here," he says of the adult website.