Feeds

Hackers penetrate smut site, claim to have slurped users' privates

Used to be my Digital Playground

Securing Web Applications Made Simple and Scalable

Hackers claim to have made off credit card records and other personal information after mounting a smash-and-grab raid on porn site Digital Playground.

A previously unknown group called the The Consortium claims to have extracted the user names, email addresses and passwords of 73,000 subscribers to the grumble flick portal. That's potentially embarrassing enough by itself, but the crackers also claim to have extracted the numbers, expiry dates and security codes for 40,000 credit cards. The Consortium published a sample of the data it stole (login credentials, internal emails, software licence keys) as evidence of the hack, which seems to have been motivated more by mischief than profit-motivated cybercrime.

The Consortium, which claims affiliation to hacktivist group Anonymous, claims the Digital playground site was so riddled with security holes that it acted as a irresistable target. "We did not set out to destroy them but they made it too enticing to resist," the group said in a statement posted online. "So now our humble crew leave lulz and mayhem in our path."

Hacktivists claim that the credit card data they have swiped was unencrypted but this remains unconfirmed.

The Digital Playground site has been left online but the site has placed a moratorium on accepting new members while it investigates the hack.

The website is managed and run by Luxembourg-based firm Manwin, which told porn industry news site AVN that it only took on the management of the site on 1 March – possibly after the breach had actually taken place, the BBC reports. Digital Playground subscribers are been notified of the breach which at the very least will mean changing their passwords. It's unclear if any instances of fraud have resulted from the breach.

Manwin confirmed to El Reg that it officially took over Digital Playground and related assets on 1 March, 2012, and said that a security breach may have occurred prior to that date.

Due to the alleged breach, Manwin elected to temporarily shut down DigitalPlayground.com and related websites on 5 March, 2012.

The site was operational again for existing members on 11 March, it said. Manwin said that security parameters had been verified and that the entire system had been upgraded during this time period.

Members will not be billed for the period the site was inactive, a spokesperson added.

Further coverage of the story can be found here. Security commentary via Sophos' Naked security blog can be found here.

The breach is the latest in a growing list of security incidents to affect smut sites in recent weeks.

Coding errors that had lain dormant for years exposed the email addresses and passwords of YouPorn sex chat site, YP Chat, to all and sundry, it emerged last month.

In an unrelated breach last month, a teenage hacker broke into Brazzers, the hardcore porn portal, before making off with hundreds of thousands of user login details. Brazzers admitted the breach but stressed that no credit card data had been exposed. The self-declared perp uploaded data samples and claimed affiliation with Anonymous, a pattern repeated with the latest breach.

Anonymous splinter group LulzSec carried out a similar operation against smut site Pron.com last June. ®

Bootnote

Digital Playground, based in the San Fernando (porn) Valley region near Los Angeles is one of the biggest adult movie studios in the US. The operation prides itself on being something of a trailblazer for new technologies in the adult industry, for example pioneering the application of HD and three-dimension technology to porn. Digital's chief executive Samantha Lewis told the BBC that many technology brands use the adult industry to test new markets, albeit in absolute secrecy.

Mobile application security vulnerability report

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.