Wise customers who used specific e-mails just for Play.com were the ones who brought to light the data leakage when they started to receive unsolicited spammy e-mails. It then came to light that data had been leaked from the customer database.
Stonesoft has commented that playing-down the loss as being "just" e-mails and names instead of financial details misses the point and that the loss now exposes the company's customers to floods of unwanted e-mails which will undoubtedly contain malicious code to finish off the job that Play.com started. Read Stonesoft's comments
Sophos focuses on the ambiguity of the loss and advises Play.com customers to play safe and change their passwords since the exact nature of the loss wasn't made clear in the company statement. Read Sophos comments
LogRhythm mentions control of third parties as being the key to preventing such data loss incidents. Whilst play.com may have rigorous internal controls, the release of such data to third parties compromises the whole security infrastructure of the company. Read what LogRhythm has to say