Feeds

Hackers penetrate smut site, claim to have slurped users' privates

Used to be my Digital Playground

Internet Security Threat Report 2014

Hackers claim to have made off credit card records and other personal information after mounting a smash-and-grab raid on porn site Digital Playground.

A previously unknown group called the The Consortium claims to have extracted the user names, email addresses and passwords of 73,000 subscribers to the grumble flick portal. That's potentially embarrassing enough by itself, but the crackers also claim to have extracted the numbers, expiry dates and security codes for 40,000 credit cards. The Consortium published a sample of the data it stole (login credentials, internal emails, software licence keys) as evidence of the hack, which seems to have been motivated more by mischief than profit-motivated cybercrime.

The Consortium, which claims affiliation to hacktivist group Anonymous, claims the Digital playground site was so riddled with security holes that it acted as a irresistable target. "We did not set out to destroy them but they made it too enticing to resist," the group said in a statement posted online. "So now our humble crew leave lulz and mayhem in our path."

Hacktivists claim that the credit card data they have swiped was unencrypted but this remains unconfirmed.

The Digital Playground site has been left online but the site has placed a moratorium on accepting new members while it investigates the hack.

The website is managed and run by Luxembourg-based firm Manwin, which told porn industry news site AVN that it only took on the management of the site on 1 March – possibly after the breach had actually taken place, the BBC reports. Digital Playground subscribers are been notified of the breach which at the very least will mean changing their passwords. It's unclear if any instances of fraud have resulted from the breach.

Manwin confirmed to El Reg that it officially took over Digital Playground and related assets on 1 March, 2012, and said that a security breach may have occurred prior to that date.

Due to the alleged breach, Manwin elected to temporarily shut down DigitalPlayground.com and related websites on 5 March, 2012.

The site was operational again for existing members on 11 March, it said. Manwin said that security parameters had been verified and that the entire system had been upgraded during this time period.

Members will not be billed for the period the site was inactive, a spokesperson added.

Further coverage of the story can be found here. Security commentary via Sophos' Naked security blog can be found here.

The breach is the latest in a growing list of security incidents to affect smut sites in recent weeks.

Coding errors that had lain dormant for years exposed the email addresses and passwords of YouPorn sex chat site, YP Chat, to all and sundry, it emerged last month.

In an unrelated breach last month, a teenage hacker broke into Brazzers, the hardcore porn portal, before making off with hundreds of thousands of user login details. Brazzers admitted the breach but stressed that no credit card data had been exposed. The self-declared perp uploaded data samples and claimed affiliation with Anonymous, a pattern repeated with the latest breach.

Anonymous splinter group LulzSec carried out a similar operation against smut site Pron.com last June. ®

Bootnote

Digital Playground, based in the San Fernando (porn) Valley region near Los Angeles is one of the biggest adult movie studios in the US. The operation prides itself on being something of a trailblazer for new technologies in the adult industry, for example pioneering the application of HD and three-dimension technology to porn. Digital's chief executive Samantha Lewis told the BBC that many technology brands use the adult industry to test new markets, albeit in absolute secrecy.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.