Feeds

Hackers penetrate smut site, claim to have slurped users' privates

Used to be my Digital Playground

Build a business case: developing custom apps

Hackers claim to have made off credit card records and other personal information after mounting a smash-and-grab raid on porn site Digital Playground.

A previously unknown group called the The Consortium claims to have extracted the user names, email addresses and passwords of 73,000 subscribers to the grumble flick portal. That's potentially embarrassing enough by itself, but the crackers also claim to have extracted the numbers, expiry dates and security codes for 40,000 credit cards. The Consortium published a sample of the data it stole (login credentials, internal emails, software licence keys) as evidence of the hack, which seems to have been motivated more by mischief than profit-motivated cybercrime.

The Consortium, which claims affiliation to hacktivist group Anonymous, claims the Digital playground site was so riddled with security holes that it acted as a irresistable target. "We did not set out to destroy them but they made it too enticing to resist," the group said in a statement posted online. "So now our humble crew leave lulz and mayhem in our path."

Hacktivists claim that the credit card data they have swiped was unencrypted but this remains unconfirmed.

The Digital Playground site has been left online but the site has placed a moratorium on accepting new members while it investigates the hack.

The website is managed and run by Luxembourg-based firm Manwin, which told porn industry news site AVN that it only took on the management of the site on 1 March – possibly after the breach had actually taken place, the BBC reports. Digital Playground subscribers are been notified of the breach which at the very least will mean changing their passwords. It's unclear if any instances of fraud have resulted from the breach.

Manwin confirmed to El Reg that it officially took over Digital Playground and related assets on 1 March, 2012, and said that a security breach may have occurred prior to that date.

Due to the alleged breach, Manwin elected to temporarily shut down DigitalPlayground.com and related websites on 5 March, 2012.

The site was operational again for existing members on 11 March, it said. Manwin said that security parameters had been verified and that the entire system had been upgraded during this time period.

Members will not be billed for the period the site was inactive, a spokesperson added.

Further coverage of the story can be found here. Security commentary via Sophos' Naked security blog can be found here.

The breach is the latest in a growing list of security incidents to affect smut sites in recent weeks.

Coding errors that had lain dormant for years exposed the email addresses and passwords of YouPorn sex chat site, YP Chat, to all and sundry, it emerged last month.

In an unrelated breach last month, a teenage hacker broke into Brazzers, the hardcore porn portal, before making off with hundreds of thousands of user login details. Brazzers admitted the breach but stressed that no credit card data had been exposed. The self-declared perp uploaded data samples and claimed affiliation with Anonymous, a pattern repeated with the latest breach.

Anonymous splinter group LulzSec carried out a similar operation against smut site Pron.com last June. ®

Bootnote

Digital Playground, based in the San Fernando (porn) Valley region near Los Angeles is one of the biggest adult movie studios in the US. The operation prides itself on being something of a trailblazer for new technologies in the adult industry, for example pioneering the application of HD and three-dimension technology to porn. Digital's chief executive Samantha Lewis told the BBC that many technology brands use the adult industry to test new markets, albeit in absolute secrecy.

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Plug and PREY: Hackers reprogram USB drives to silently infect PCs
BadUSB instructs gadget chips to inject key-presses, redirect net traffic and more
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?