customer emails leaked?

Online retailer has been accused of leaking its customers' email addresses to spammers.

Many customers reported receiving a spam email yesterday, offering an Adobe Reader upgrade which requires registration and payment. Some of these emails were sent to unique email addresses that have only been used at, suggesting that the spammer had access to private customer details.

Most complaints relate to an email with the subject line "Get more done, much faster, with Acrobat X PDF Reader. Upgrade Available Now":

One customer commented yesterday:

"I too received the email this morning. I use a unique email address for each website using the plus addressing feature of gmail; in this case the phishing attack was sent to This is pretty compelling evidence that are at fault."

Although it does seem that's customer details have been breached, it is not yet clear how this may have happened, or indeed whether are at fault. In particular,'s privacy policy reveals several other places where leaks could have occurred. shares data with other business and technical partners to handle orders, process credit and debit card payments and for fraud protection.

Another recipient of the spam was advised the following by

"Please be advised that our database is maintained on a secure internal server that is not connected to the internet. No unauthorised access of any kind is available to the network."

Fortunately, most browser software has already blocked the spammer's website as a web forgery:

If the user chooses to ignore this warning, the site offers a download link for PDF Reader/Writer software:

The user is then taken to a third-party site,, which requires registration:

Finally, the user must pay for membership in order to obtain the software: did not respond to Netcraft's request for comment before this article was published.