SophosLabs: A group of hackers is claiming to have stolen the details of more than 70,000 users of the Digital Playground porn website.
The group, calling itself “The Consortium”, appears to have scooped up some 40,000 financial details (including credit card numbers, names, CCV numbers, and expiration dates) as well as the email addresses and passwords of 72,000 users.
According to the hackers, who appear to be affiliated with the Anonymous movement, the sensitive information was not encrypted.
A message posted by the hackers read in part:
We are The Consortium, and we have something special for our first release.
You see for a while now we have had access to digitalplayground.com, one of the five biggest porn sites in the world.
But it doesn’t need any introduction from us. This company has security, that if we didn’t know it was a real business, we would have thought to be a joke - a joke that we found much more amusing than they will.
These credit cards are all plaintext but we will not be releasing or using as we do this for the love of the game not for profit and these people’s only crime was wanting some porn. We cannot justify releasing these people’s credit card info, but remember it is DP that allowed this to happen, this could have been a different group. And perhaps they may have done far worse when given this information.
In addition to releasing usernames, passwords and credit card details, The Consortium also made freely available some 52 pornographic movies with names such as “Babysitters 2”, “Like Sister Like Slut” and “Sex and Corruption”.
The Digital Playground website is, at the time of writing, still online – but is refusing sign-ups of new members.
Last month, another hardcore porn website – Brazzers – had the details of some 350,000 of its users stolen by a hacker. Digital Playground was recently acquired by Manwin, the same company which runs Brazzers.
So, what are the lessons that consumers can learn from this? At the very least, you should use different passwords for different services. If you give a password to, say, a pornographic website, make sure that you are not using the same password on other websites too – as malicious hackers might use it to unlock your other accounts.
Unfortunately, there’s not much you can do about whether the website you are using is properly protected against vulnerabilities and securely encrypts your personal information, other than explore whether it has had security issues in the past and vote with your feet if you feel it is doing a poor job.