Playboy says hacker stole customer info

November 20, 2001

By Greg Sandoval and Robert Lemos, CNET News.com

http://news.com.com/2100-1017-276075.html?legacy=cnet



Playboy.com has alerted customers that an intruder broke into its Web site and obtained some customer information, including credit card numbers.

The online unit of the nearly 50-year-old men's magazine said in an e-mail to customers that it believed a hacker accessed "a portion" of Playboy.com's computer systems. In the e-mail, a copy of which was reviewed by CNET News.com, Playboy.com President Larry Lux did not disclose how many customers might have been affected.

Playboy.com encouraged customers to contact their credit card companies to check for unauthorized charges. New York-based Playboy.com also said it reported the incident to law enforcement officials and hired a security expert to audit its computer systems and analyze the incident.

"Unfortunately, Playboy is only one of a number of high-profile companies who have been subjected to this kind of malicious hacking," Lux said in the e-mail.

Lux is right. Fraud continues to plague online stores, as much as or more than it does stores in the brick-and-mortar world. Web thieves who hack into Web stores to pilfer credit card numbers and then go on shopping sprees have led banks in some cases to charge higher fees to service credit card transactions on the Web.

The number of hacking incidents also undermines the public's trust in e-commerce, analysts have said.

Playboy.com learned of the breach after a person claiming access to its systems and customer information began e-mailing customers Sunday night. Although Playboy.com did not say when the intruder first got into the site, the hacker in the e-mail claimed to have had access since 1998.

Five Playboy.com customers told CNET News.com that they saw the e-mail after logging in Monday morning. All five said the message included their credit card information and expiration date.

Ernie Brooks, who bought a wedding gift from Playboy.com's Web store three months ago, said he thought the e-mail was a joke--until he got to the part telling him his "personal details" were below. Indeed, there was his credit card number and expiration date.

Stunned, Brooks said he called his bank to cancel the card. "Nobody charged anything on it, but I'm going on vacation on Wednesday and now I don't have a credit card," he said.

Another who received the e-mail--a graduate student who bought some items on the site for his wife over a year ago--said he has always worried about Internet security and whether his credit card information is safe.

"I do most of my shopping online, so it's a big concern," he said. "It will be some time before I trust Playboy again."


main page ATTRITION feedback