Hackers expose weak security on Digital Playground porn site
A hacking group claims to have stolen the details of more than 70,000 users of the Digital Playground porn site
A previously unknown hacking group claims to have stolen the details of more than 70,000 users of the Digital Playground porn site.
Calling itself "The Consortium", the group said that in addition to user names, e-mail addresses and passwords, the stolen data included 40,000 credit card numbers, expiry dates and security codes.
According to the hackers, who appear to be affiliated with LulzSec and the broader Anonymous movement, the sensitive information was not encrypted.
"This company has security that, if we didn't know it was a real business, we would have thought to be a joke," the group said in a message posted on the Digital Playground pornography website and archived online.
However, The Consortium hacker group said it would not be releasing or using the information. "We do this for the love of the game, not for profit," the posting said.
"Remember it is DP that allowed this to happen, this could have been a different group. And perhaps they may have done far worse when given this information," the group added.
The Consortium also published what it said was a sample of internal e-mails and software licences to show it had gained complete access to Digital playground’s systems.
Graham Cluley, senior technology consultant at Sophos, said at the very least users of online services should use different passwords for different sites to limit hackers' access to accounts.
"Unfortunately there's not much you can do about whether the website you are using is properly protected against vulnerabilities, and securely encrypting your personal information, other than explore whether they have had security issues in the past and vote with your feet if you feel they are doing a poor job," Cluley wrote in a blog post.
Digital Playground is based in California, but its website is managed and run by Luxembourg-based firm Manwin.
In a statement, Manwin said it took over management of the site on 1 March 2012 and the breach may have occurred before it took charge.
Manwin said management is overseeing the investigation and Digital Playground subscribers had been contacted to let them know what had happened, according to the BBC.
