VAN NUYS, Calif.—DigitalPlayground.com, the flagship website of its namesake studio, was the subject of a massive security breach from a hacking collective calling itself The Consortium, which exposed more than 73,000 email addresses, usernames and passwords of the site’s members.
DigitalPlayground.com is the third Manwin property to fall victim to hackers in short succession. YouPorn.com and the Brazzers forum also were recently hacked, but no credit card data was involved, making this breach particularly concerning.
“We did not set out to destroy them but they made it too enticing to resist,” the hacking group posted. “So now our humble crew leave lulz and mayhem in our path. We not only have the 72k users of this site but also over 40k plaintext credit cards including ccvs, names and expiry dates.”
AVN obtained a copy of the database allegedly obtained by the group, and it contains email addresses, usernames and passwords for 73,342 people. Various versions of the list have been posted to online message boards.
The hackers did not dump all the information they claim to have acquired, but did post two redacted versions of credit card info from customers that correspond to the customer list, according to DataBreaches.net.
According to Th3Consortium, it hacked 27 admins’ names, usernames, e-mail addresses, and encrypted passwords; 85 affiliates’ usernames, plaintext passwords, and in some cases, IP addresses; and 82 .gov and .mil e-mail addresses with corresponding plaintext passwords.
DigitalPlayground.com currently is online but not accepting new members and its members area is temporarily inacessible. JesseJane.com, a Digital Playground-run site, is not resolving at this time.
The scope of this hack raises many questions, such has how the hackers were able to obtain credit card information since all the billing for membership to DigitalPlayground.com appears to be done through a third party processor.
Currently, all billing inquiries are being directed to a third party processor called Net Support. AVN called the number and was told that the company was brought on to deal with the aftermath of the breach, and that all members who try to log on to DigitalPlayground.com are being directed to customer support.
Previously, it looks as if Digital Playground used NATS, and within that program worked with a cascade of billers that included DHD Media, CCBill, NETBilling, Epoch and NetCash. The number of processors raises additional questions regarding the ability of hackers to attain the 44,000 complete credit card numbers that is being claimed.
UPDATE
Digital Playground has issued the following statement to AVN:
Due to an alleged security breach, Manwin elected to temporarily shut down Digital Playground, and related websites, on March 5, 2012.
Manwin officially took over Digital Playground and related assets on March 1, 2012, and according to allegations, the potential breach may have occurred prior to that date.
The safeguard and non-disclosure of private and confidential information is always a priority at our company, and management is supervising all aspects of this situation.
In addition, our customer service department has been in contact with Digital Playground members to inform them of the next steps.
Customers will not be billed while the site is inactive, and have been offered free access to a Manwin owned property of their choice during this time period.