YNOT – Following a reported hacker attack earlier this week that may have exposed personal information for nearly 73,000 members and payment information for more than 44,000, the members area of DigitalPlayground.com and related websites remained inaccessible Thursday afternoon while owner-operator Manwin attempted to deal with the aftermath.
DigitalPlayground.com apparently came under attack sometime prior to March 5, when DataBreaches.net reported a group calling itself The Consortium claimed to possess a list of usernames, passwords and email addresses for 72,794 of the site’s members. In addition, the group claimed it retrieved credit card data for 44,633 DigitalPlayground.com members.
“We did not set out to destroy them but they made it too enticing to resist,” the group bragged in a series of Twitter messages collected by DataBreaches.net. “So now our humble crew leave [hacker groups] lulz and mayhem in our path. We not only have the 72k users of this site but also over 40k plaintext credit cards including ccvs, names and expiry dates.
“And of course as this is a porn site there was no shortage of .mil and .gov emails in their user list,” the group continued. “We also went on and rooted four of their servers, as well as gaining access to their mail boxes. Using credentials from emails we tapped into their conference call.
“Digital Playground game over.”
According to DataBreaches, the group posted a sample of the information it claims to have retrieved, all in the plain text file format the information allegedly was in when snatched. Storing sensitive financial data in unencrypted plain text files on internet-accessible servers violates PCI DSS standards established by the credit card processing industry.
The Consortium has not said what, if anything, it plans to do with the information it pilfered.
Manwin released a statement about the incident, saying security of confidential information is a priority for the company and suggesting the data breach may have occurred prior to Manwin’s assumption of DigitalPlayground.com’s operations:
[QUOTE]Due to an alleged security breach, Manwin elected to temporarily shut down Digital Playground, and related websites, on March 5, 2012.
Manwin officially took over Digital Playground and related assets on March 1, 2012, and according to allegations, the potential breach may have occurred prior to that date.
The safeguard and non-disclosure of private and confidential information is always a priority at our company, and management is supervising all aspects of this situation.
In addition, our customer service department has been in contact with Digital Playground members to inform them of the next steps.
Customers will not be billed while the site is inactive, and have been offered free access to a Manwin owned property of their choice during this time period. [/QUOTE]
DigitalPlayground.com is only the latest in what seems to be a wave of Manwin-directed cybercrime. In February, a teenage hacker claimed to have lifted more than 350,000 names, usernames, passwords and email addresses from Brazzers, also owned by Manwin. The company subsequently disconnected its YouPorn tube site from what Manwin called a third-party chat service provider because a hacker also compromised personal information belonging to YouPorn chat users.
