Play.com Security Policy

28 Jul, 2008  Uncategorized

I am curious to whether Play will make any changes to their site after my email.

Email Sent to Paypal regarding password reminders being sent in plain text:

Hello,
 
A friend has had his account hacked / logged into by an unauthorised user and items ordered off their cash card, this prompted me to log in and change my password. I thought I would check my history of purchases to ensure this had not happened to my account and only saw one item ordered. I realised I had an old account and needed the password to log in, so I had the password emailed to me which to my suprise was in PLAIN TEXT!
 
Most online shops / secured sites would email a reset link so that the password never exists in plain text format. I have logged in and changed the password so that is not really an issue but many users would retrieve the password and not change it, I feel this is a big hole in your security policy and should be addressed. My debit card on your system is out of date, I wont be updating it until I feel that your system is more secure.
 
This is not a complaint just thought I would give my view.
 
Thank You

Their response:

Dear Ryan Tyler

Thank you for your email.

We are grateful for your suggestions and will forward your request onto the relevant department for their investigation. If we feel that our customers will benefit from your suggestion, we will update our website so it is worth periodically checking it for any further information.

If you have any further queries please check the FAQ section on our Helpdesk

 

www.play.com/helpdesk

Leave a comment

You must be logged in to post a comment.