Feeds

Hackers penetrate smut site, claim to have slurped users' privates

Used to be my Digital Playground

Providing a secure and efficient Helpdesk

Hackers claim to have made off credit card records and other personal information after mounting a smash-and-grab raid on porn site Digital Playground.

A previously unknown group called the The Consortium claims to have extracted the user names, email addresses and passwords of 73,000 subscribers to the grumble flick portal. That's potentially embarrassing enough by itself, but the crackers also claim to have extracted the numbers, expiry dates and security codes for 40,000 credit cards. The Consortium published a sample of the data it stole (login credentials, internal emails, software licence keys) as evidence of the hack, which seems to have been motivated more by mischief than profit-motivated cybercrime.

The Consortium, which claims affiliation to hacktivist group Anonymous, claims the Digital playground site was so riddled with security holes that it acted as a irresistable target. "We did not set out to destroy them but they made it too enticing to resist," the group said in a statement posted online. "So now our humble crew leave lulz and mayhem in our path."

Hacktivists claim that the credit card data they have swiped was unencrypted but this remains unconfirmed.

The Digital Playground site has been left online but the site has placed a moratorium on accepting new members while it investigates the hack.

The website is managed and run by Luxembourg-based firm Manwin, which told porn industry news site AVN that it only took on the management of the site on 1 March – possibly after the breach had actually taken place, the BBC reports. Digital Playground subscribers are been notified of the breach which at the very least will mean changing their passwords. It's unclear if any instances of fraud have resulted from the breach.

Manwin confirmed to El Reg that it officially took over Digital Playground and related assets on 1 March, 2012, and said that a security breach may have occurred prior to that date.

Due to the alleged breach, Manwin elected to temporarily shut down DigitalPlayground.com and related websites on 5 March, 2012.

The site was operational again for existing members on 11 March, it said. Manwin said that security parameters had been verified and that the entire system had been upgraded during this time period.

Members will not be billed for the period the site was inactive, a spokesperson added.

Further coverage of the story can be found here. Security commentary via Sophos' Naked security blog can be found here.

The breach is the latest in a growing list of security incidents to affect smut sites in recent weeks.

Coding errors that had lain dormant for years exposed the email addresses and passwords of YouPorn sex chat site, YP Chat, to all and sundry, it emerged last month.

In an unrelated breach last month, a teenage hacker broke into Brazzers, the hardcore porn portal, before making off with hundreds of thousands of user login details. Brazzers admitted the breach but stressed that no credit card data had been exposed. The self-declared perp uploaded data samples and claimed affiliation with Anonymous, a pattern repeated with the latest breach.

Anonymous splinter group LulzSec carried out a similar operation against smut site Pron.com last June. ®

Bootnote

Digital Playground, based in the San Fernando (porn) Valley region near Los Angeles is one of the biggest adult movie studios in the US. The operation prides itself on being something of a trailblazer for new technologies in the adult industry, for example pioneering the application of HD and three-dimension technology to porn. Digital's chief executive Samantha Lewis told the BBC that many technology brands use the adult industry to test new markets, albeit in absolute secrecy.

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.