"We understand there is some anxiety over [the user ID and password] being in the emails and that is why, effective immediately, passwords are not included in any email going to any member of any Go Network customer," a company spokeswoman said.
But as previously reported, in its effort to help users make a smooth transition from the affiliate sites, Disney included user names and passwords in the email messages, raising concern about the network's security standards.
"Although I was told I would not get unsolicited mail, I got this email with my user name and password in a completely unsecure way," said Sanjay Mathur, a regular user of ESPN.com, one of Disney's online properties, along with ABCNews.go.com and Family.go.com.
"What bothers me is that someone could possibly use that information to get my credit card information," Mathur added. "I do whatever I can to maintain security, and here is someone just piping it over the Internet."
Another ESPN.com user said that, with access to a user name and password, a person easily can get addresses, email addresses, and work and home telephone numbers from the Go Network site.
"They can get more than enough information to be pretend to be you," said Rogers Cadenhead, a long-time ESPN.com subscriber. "I was stunned when I got this email."
But yesterday the Go Network quickly noted that it is more of a customer satisfaction issue than a security problem, adding that there is no way to retrieve credit card information from their sites either over the Internet or by email. The company said that in over a year of serving millions of ESPN customers, there has not been a single incidence resulting in fraud.
"The broadcast email that was sent to ESPN subscribers to inform them of their benefits on GO Network did not compromise the users' credit card information in any way," said Patrick Naughton, executive vice president of products at the Go Network.
Even if credit card security is not vulnerable in the email messages, Disney could lose precious credibility and members simply because of the perception of risk. As hacks, free email breaches, and other security issues make regular headlines, those who are newer to the Net often are unsure where they are safe. And with entertainment, portal, and other companies locked in intense competition for members, there are plenty of choices for users looking to make a switch.
No company knows that more than the image-conscious Disney. "If we find that many users feel more comfortable specifically requesting their password information be mailed to them, we'll adjust the content of our email messages to not contain this convenient information up front," Naughton said yesterday.
But Cadenhead noted that products and services can be ordered from ESPN.com using just user names and passwords.
"Just this morning I spent $25 with nothing but [that information]," he said. "It hit my credit card and then asked if I wanted to spend another $100 to sign up my friends."
The Go Network said several different emails have been sent out recently to users. Among them, one deals with parental notification when someone under 13 joins, while another is a confirmation email that a new subscriber receives when he or she registers for the service. Both contain user names and passwords, ESPN.com and Go confirmed.
The letter that people like Mathur and Cadenhead received was to inform members of new services available at the Go Network, which now has about 9 million members.
"They say they've never had an account of credit card fraud," said Cadenhead. "Well, that streak is going to end this week."