GoFuckYourself.com - Adult Webmaster Forum

Digital Playground.com Hacked Credit Card Data Stolen. (https://gfy.com/showthread.php?t=1060217)

ShellShocked 03-07-2012 10:31 PM

Did DP send anything to their affiliates letting them know the site isn't taking signups?

vsex 03-08-2012 07:07 AM

bad luck has a tendency to hit everyone at some point. Getting people to use their credit cards online was tough enough without this kinda shit scaring them.

Nick-Mindgeek 03-08-2012 08:08 AM

Quote:

Originally Posted by ShellShocked (Post 18810522)
Did DP send anything to their affiliates letting them know the site isn't taking signups?

We will absolutely cover any loss in joins to match any webmasters daily average over the past few months.

Please get in touch with me and shortly as the site is back up ; we will add any missing revenues.

Thank you

jay23 03-08-2012 08:48 AM

As a software developer this is something I can't understand. This is not unique to DP, I think the hack into Sony gaming network also found people storing PW / CC info in clear. It takes 1 line of code to do a MD5 hash.



Quote:

Originally Posted by venus (Post 18808288)
why is credit card info stored on the server in the first place, this was a requirement from visa/mastercard when sites had to be tested awhile back for compliance. Anyone storing credit card info on their servers is wrong. They give us all a bad name and will run off future customers because they cannot trust adult sites. They were totally wrong for storing CC info and I am sure visa will have issue with them.


ladida 03-08-2012 11:46 AM

Quote:

Originally Posted by jay23 (Post 18811152)
As a software developer this is something I can't understand. This is not unique to DP, I think the hack into Sony gaming network also found people storing PW / CC info in clear. It takes 1 line of code to do a MD5 hash.

How would you re-bill if it was hashed irreversibly ? :P
I agree it should not be cleartext, but if they're rebilling or something similar, it has to be reversible.

firequartz 03-08-2012 11:46 AM

Neeko ... I'm more concerned about the 85 affiliate accounts that were hacked/acquired/whatever ... what can you tell us about that? Will you/have you contacted the affected affiliates to at least let them know their affiliate accounts were compromised?

Quote:

Originally Posted by neeko (Post 18811080)
We will absolutely cover any loss in joins to match any webmasters daily average over the past few months.

Please get in touch with me and shortly as the site is back up ; we will add any missing revenues.

Thank you


jack-exploitedbabysitters 03-08-2012 12:45 PM

funny thing i wanted to signup to digital playground site the other day to check out their content, glad i didn't now

pradaboy 03-09-2012 06:19 AM

Quote:

Originally Posted by ShellShocked (Post 18810522)
Did DP send anything to their affiliates letting them know the site isn't taking signups?

Fuck no, I have to come here to find out wtf happened. Only noticed now that my links have been going nowhere.

jay23 03-09-2012 07:25 AM

Quote:

Originally Posted by ladida (Post 18811606)
How would you re-bill if it was hashed irreversibly ? :P
I agree it should not be cleartext, but if they're rebilling or something similar, it has to be reversible.

It should be AES. Just don't store the key in the PHP file which I have seen more than once :-)

firequartz 03-09-2012 07:40 AM

I see the affiliate site is back up, but apparently they changed all the login passwords .. which makes sense .. still no official notice from Manwin/DP to affiliates about what's going on and what to expect though ...

pstation 03-09-2012 08:04 AM

also to rebill you definitely do not need to store the cvv2, billing address, etc. all that you need is the # and expiration date.

Paul Markham 03-09-2012 08:52 AM

Lightning doesn't strike in the same place twice. And for sure not 3 times in a short period of time.

Either Manwin have seriously pissed someone, with the ability to hack into their servers, or they have a mole. No not the little cute furry kind.

Whatever the lack of damage control and limitation here is something you would expect of me. After they were hacked the first time, alarm bells should have been ringing, second time someone needs to get it fixed ASAP.

If it happens again????????????????

Quote:

Originally Posted by DVTimes (Post 18809282)
i wonder why they did not email webmasters to tell them.

Do you need an answer or was it a rhetorical question?

SZNY 03-09-2012 09:07 AM

It was the talk of the day in Barcelona. Hope they can fix it, Digital Playground is a nice brand

Zoxxa 03-09-2012 09:27 AM

Quote:

Originally Posted by Roald (Post 18808401)
WOW that must hurt them big time

Freeones affiliate u/p was in that list.

pstation 03-09-2012 10:02 AM

what really sucks for them I suppose is that they pretty much lost all of their rebills.

considering everyone that has their cc info stolen will need to cancel their cards and I can't imagine most people signing back up

porno jew 03-09-2012 10:13 AM

since they own 95% of the porn industry of course most hack attacks are going to hit them.

since you are a moron so you can't understand that.

Quote:

Originally Posted by Paul Markham (Post 18813282)
Lightning doesn't strike in the same place twice. And for sure not 3 times in a short period of time.

Either Manwin have seriously pissed someone, with the ability to hack into their servers, or they have a mole. No not the little cute furry kind.

Whatever the lack of damage control and limitation here is something you would expect of me. After they were hacked the first time, alarm bells should have been ringing, second time someone needs to get it fixed ASAP.

If it happens again????????????????



Do you need an answer or was it a rhetorical question?


lucas131 03-09-2012 10:14 AM

so where is megaupload link to the full dump? :)

AsianDivaGirlsWebDude 03-09-2012 02:29 PM

Quote:

Originally Posted by Paul Markham (Post 18813282)

Lightning doesn't strike in the same place twice. And for sure not 3 times in a short period of time.

Either Manwin has seriously pissed someone off, with the ability to hack into their servers, or they have a mole. No not the little cute furry kind.

Read this elsewhere:

Quote:

The Tarot cards last year were telling us there'd be downsizing and layoffs (at Digital Playground). There'll be more to come with other companies. Porn has always worked on the pork barrel principle, and now it's time to get lean and mean.

Meanwhile Mike South writes: I posted previously about DP releasing Kay Brandt, Others were involved and at this time I have verified who they were via inside sources.

Peggy as previously noted was released but not because of the website breach, Peggy was over DVD sales. Also released was her sister Sue, Samantha Lewis (Yes you read that right) and Farley who headed up the websites.

They were all told by the new owners, Manwin that their jobs were secure not to worry, then on last Thursday they were all blindsided by the layoffs.

Word is the axe is coming on three of the contract girls as well.

http://www.trekp.com/posters/gw210-disgruntled.jpg

A possible good old fashioned disgruntled employee revenge motive for the leak(?)...hmmm - wouldn't be the first time.

ADG

Roald 03-09-2012 02:37 PM

Quote:

Originally Posted by Zoxxa (Post 18813366)
Freeones affiliate u/p was in that list.

yeah, been in contact with manwin already about it.

Nick-Mindgeek 03-09-2012 03:16 PM

Quote:

Originally Posted by firequartz (Post 18813127)
I see the affiliate site is back up, but apparently they changed all the login passwords .. which makes sense .. still no official notice from Manwin/DP to affiliates about what's going on and what to expect though ...

Hey Firequartz,

The email went out. In a nutshell ; all passwords have been reset. Please use the 'forgot password' to receive the new pass and get in and adjust your account. Other than that, we will compensate all affiliates for lost revenue taking daily average earnings over the past 2 months.

If there are any questions about this or anything else ; please contact me directly. I am always available via email around the clock.

Looking into the future : Some amazing tools for all affiliates coming up! Your DP revenue will explode in the near future :thumbsup

Thanks!

AsianDivaGirlsWebDude 03-09-2012 10:03 PM

Quote:

Originally Posted by pstation (Post 18813453)

what really sucks for them I suppose is that they pretty much lost all of their rebills.

considering everyone that has their cc info stolen will need to cancel their cards and I can't imagine most people signing back up

http://static.techspot.com/images/te...er_hacking.jpg

Over 40,000 people will have to cancel their credit cards and manually re-sign up? :helpme :Oh crap

How many people will sign up again with a company that caused their data to be compromised in the first place?

ADG

firequartz 03-10-2012 08:05 AM

Neeko .. I haven't received an email .. and yes I checked my junk mail filters ...

and I see it's down again anyway ...

pornmasta 03-10-2012 12:15 PM

Quote:

Originally Posted by Roald (Post 18808401)
WOW that must hurt them big time

http://zone-h.org/mirror/id/17184557

btw check for freeones in this page

porno jew 03-10-2012 12:27 PM

Quote:

Originally Posted by pornmasta (Post 18815147)
http://zone-h.org/mirror/id/17184557

btw check for freeones in this page

yup some gfy'ers on there.

pornmasta 03-10-2012 12:45 PM

they should audit the security of their other websites before it is too late...

alias 03-10-2012 12:49 PM

Thanks for posting so we can check if our passwords were released pornmasta.

Theo 03-10-2012 12:53 PM

I have yet to see any evidence that CC data were compromised.

pornmasta 03-10-2012 01:04 PM

"72,000 customers" >> how many hits to send to get this amount of customers ???

pornmasta 03-10-2012 01:15 PM

So http://www.alexa.com/siteinfo/digitalplayground.com#
page rank = 23935
So it makes something like 100000 visitors per day.

"72,000 customers" <<<

I don't promote digitalplayground, but let's say that their conversion ratio is 1/1000 (that's pretty good).
It means that it would make 100 new sales per day ???

720 days to reach it ?
I don't think that the average member stays 720 days.
So they have to store CC numbers of old customers in their servers ? (stored in clear text !)

Something is wrong in this story...

and they need to be their own billing processor... (that's probably wrong)

So i guess they have been hacked long time ago....

porno jew 03-10-2012 01:20 PM

Quote:

Originally Posted by pornmasta (Post 18815227)
So http://www.alexa.com/siteinfo/digitalplayground.com#
page rank = 23935
So it makes something like 100000 visitors per day.

way off.

AsianDivaGirlsWebDude 03-10-2012 01:22 PM

Quote:

Originally Posted by AVN Theo (Post 18815199)

I have yet to see any evidence that CC data were compromised.

Reminds me of your Media Revenue "investigation"... :1orglaugh :winkwink:

http://chzmemebase.files.wordpress.c...et-grandma.jpg

Have you ever thought that maybe you're just not cut out for investigative journalism... :upsidedow

Quote:

One of the world's top adult-entertainment companies appears to have had one of the world's least secure websites.

Hackers using the previously unknown moniker "The Consortium" claim to have broken into the servers of DigitalPlayground.com last weekend and stolen 72,000 usernames and passwords and 40,000 credit-card numbers.

"We are The Consortium, and we have something special for our first release," reads a manifesto purportedly posted at admin.digitalplayround.com and reproduced on a mirroring site. "You see for a while now we have had access to digitalplayground.com, one of the five biggest porn sites in the world. But it doesn't need any introduction from us."

As of the afternoon of March 9, the front page of DigitalPlayground.com was up, but most links to internal pages went nowhere.

The sole link that worked, under the banner "Digital Playground is temporarily unavailable," went to a page that stated, "We are currently verifying the security parameters on this site and upgrading the entire system in order to better safeguard your information."

To paying users of DigitalPlayground.com, the second page apologized for the inconvenience and offered one month's free membership at rival porn sites.
"This site has so many freaking holes that if I didn't know it was a porn site, I would have mistaken it for a honeypot," The Consortium's posting quotes itself as saying.

It then goes on to describe in painful detail all the data it found relatively unprotected on Digital Playground's servers, including the usernames and plaintext passwords of the company's stars, some of whom are fairly well known.

"Jesse Jane's password was on average stronger than the admins of the site, we tip our BlackHats to you Ms. Jane, one reason among many to love this mynx," read the posting.
All of the 100 user passwords given as examples were in plaintext, not encrypted as security best practices demand. Even worse, the hackers claim that all credit-card numbers and card security codes were as well, though large parts of the two numbers used as examples were blacked out.

"These credit cards are all plaintext, but we will not be releasing or using as we do this for the love of the game not for profit and these peoples only crime was wanting some porn," read the posting. "We cannot justify releasing these people's credit card info, but remember it is DP that allowed this to happen."

The manifesto ends with a list of video files contained within the site, along with directions for downloading them for free.

If you're a registered user of DigitalPlayground.com, here are two things you should do right away: Change the password on any other site or account that shared your Digital Playground password, and contact your credit-card company to put an alert on your account.

An email seeking comment from Digital Playground was not immediately returned.

pornmasta 03-10-2012 01:24 PM

Quote:

Originally Posted by porno jew (Post 18815233)
way off.

the current page rank of one of my website is 19000... something.
And i make 90 000- 110 000 visitors per day :winkwink:

pornmasta 03-10-2012 01:26 PM

"one of the five biggest porn sites"

>>

probably not in term of traffic (twistys and digitaldesire are far bigger)

pornmasta 03-10-2012 01:33 PM

so let's take 5 big websites:

naughtyamerica.com paysite, alexa rank 2081
brazzers.com 1043
realitykings.com 1750
twistys.com 3011
digitaldesire.com 6663

virtuagirl.com 10350

Digital Playground.com 23935

porno jew 03-10-2012 01:48 PM

not even close to the top 5. http://www.alexa-xxx.com/

Theo 03-10-2012 01:52 PM

Quote:

Originally Posted by AsianDivaGirlsWebDude (Post 18815237)
Reminds me of your Media Revenue "investigation"... :1orglaugh :winkwink:

http://chzmemebase.files.wordpress.c...et-grandma.jpg

Have you ever thought that maybe you're just not cut out for investigative journalism... :upsidedow

Go fuck yourself

pornmasta 03-10-2012 01:53 PM

Quote:

Originally Posted by porno jew (Post 18815261)
not even close to the top 5. http://www.alexa-xxx.com/

and they list only paysites...

Theo 03-10-2012 02:03 PM

I didn't claim to be a journalist. Aside U/P all we have seen is a statement by the hackers that wanted to protect the members of the site by not releasing any CC info.

Theo 03-10-2012 02:10 PM

At the same time the release of U/P allowed hackers to abuse such data and login to email and social media accounts. Their agenda is spamming, phishing and identity theft. It's your choice to believe with no skepticism what they write.

pornmasta 03-10-2012 02:14 PM

Quote:

Originally Posted by AVN Theo (Post 18815286)
I didn't claim to be a journalist. Aside U/P all we have seen is a statement by the hackers that wanted to protect the members of the site by not releasing any CC info.

and what happens if the website has been hacked before by other hackers ? (it would explain why CC numbers are stored in clear text )

Theo 03-10-2012 02:19 PM

Regarding mediarevenue, we posted an update last month. Maybe the next one will be a news story. I don't understand why the repeated irony from your side. We turned down a six figures advertiser, we spent the time to collect info and we connected with the right authorities. If you feel we did a poor job you are free to do something yourself.

Theo 03-10-2012 02:30 PM

Quote:

Originally Posted by pornmasta (Post 18815294)
and what happens if the website has been hacked before by other hackers ? (it would explain why CC numbers are stored in clear text )

DP is using reputable, 3rd party billing providers that do not give you access to such billing info. Even when you are using your own merchant account, your gateway provider doesn't give you such access.

pornmasta 03-10-2012 04:06 PM

Quote:

Originally Posted by AVN Theo (Post 18815325)
DP is using reputable, 3rd party billing providers that do not give you access to such billing info. Even when you are using your own merchant account, your gateway provider doesn't give you such access.

so they have been hacked before... (don't tell me that it is not possible)

(and these 2nd hackers are perhaps good guys)

pornmasta 03-10-2012 04:11 PM

Quote:


We turned down a six figures advertiser...

If you feel we did a poor job you are free to do something yourself.

what is free ?

Just Alex 03-10-2012 04:23 PM

Quote:

Originally Posted by AVN Theo (Post 18815199)
I have yet to see any evidence that CC data were compromised.

That's crazy. Per visa rule you can't store that shit on your servers.

Quote:

> These credit cards are all plaintext but we will not be releasing or using as we do this for the love of the game not for profit and these peoples only crime was wanting some porn.

> We cannot justify releasing these peoples credit card info, but remember it is DP that allowed this to happen, this could have been a different group.

> And perhaps they may have done far worse when given this information.

> Here is a censored version of what we found.
Number Month Year Type Name cvv2

42617 | 43799 | [CENSORED]6690 | [CENSORED] | 2012 | MC | Christopher D Ostrand [CENSORED]36 |
40872 | 42300 | [CENSORED]5779 | [CENSORED] | 2012 | MC | Piras Mauro [CENSORED]67 |

mikesouth 03-10-2012 04:29 PM

Theo

I have a couple of things that are bothering me about this...one is that the hackers did post partial cc numbers and ccv codes, names addy etc.

But the biggest one that bothers me is that I was contacted by someone in IT who resigned because of what Manwin was doing. Flat out said he won't go to jail for manwin. Sour grapes...could be but there's enough history to make me wonder.

obviously I haven't vetted this enough to make it a post but as someone else here said the problem with being a shitbag is everyone always thinks you are up to no good

rowan 03-10-2012 06:21 PM

Quote:

Originally Posted by jay23 (Post 18811152)
As a software developer this is something I can't understand. This is not unique to DP, I think the hack into Sony gaming network also found people storing PW / CC info in clear. It takes 1 line of code to do a MD5 hash.

An md5 hash won't slow a cracker down much, the GPU in a modern video card can crack an md5'd password relatively easily. You can even crack common passwords by searching for the md5 value on google.

Code:

$ echo -n coffee | md5
24eb05d18318ac2db8b2b959315d10f2

http://www.google.com/search?hl=en&s...f2&btnG=Search

pornmasta 03-10-2012 06:22 PM

as a programmer, i can tell you that you can salt your hashes....

http://en.wikipedia.org/wiki/Salt_(cryptography)

rowan 03-10-2012 07:18 PM

You can still find entries with common passwords by brute forcing every possible salt combination (rather than every possible password combination)

A better way is to make a single password computationally expensive to crack, for example hashing it 10,000 times with an algorithm to change the salt each time. Even if the method used to generate the hash is known (say, by inspecting the code used to authenticate logins) you've made the cracker's job 10,000 times harder.
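Added example, not code from any poster in this thread: it puts the unsalted MD5 lookup from rowan's earlier post next to the salted, iterated scheme described just above. PBKDF2-HMAC-SHA256 from Python's `hashlib` stands in for "hashing it 10,000 times"; the user names, word list and record format are constructed for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # figure taken from the post; an assumption here, raise it for real use


def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


def exposed_by_lookup(leaked: dict, wordlist: list) -> dict:
    """Unsalted MD5: one precomputed table resolves every account that matches."""
    table = {md5_hex(word): word for word in wordlist}
    return {user: table[h] for user, h in leaked.items() if h in table}


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Random per-user salt plus key stretching; the record carries its own parameters."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    _scheme, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time comparison


# Constructed sample data: two users share the password used in the post.
LEAKED_MD5 = {
    "alice": md5_hex("coffee"),
    "bob": md5_hex("coffee"),
    "carol": md5_hex("Vq7#long-unlisted-passphrase"),
}
WORDLIST = ["password", "123456", "coffee", "letmein"]

if __name__ == "__main__":
    # Identical MD5 values reveal shared passwords before any guessing starts.
    print("unsalted MD5, recovered:", exposed_by_lookup(LEAKED_MD5, WORDLIST))
    a, b = hash_password("coffee"), hash_password("coffee")
    # Same password, different salts: the stored records no longer match.
    print("distinct records for same password:", a != b)
    print("login check:", verify_password("coffee", a), verify_password("tea", a))
```

With the salted records, each guess has to be recomputed per user at 10,000 iterations apiece, so a single shared table no longer covers the whole user database.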

Rangermoore 03-10-2012 10:48 PM

And some of you morons thought by a couple people getting busted that Anonymous was done... Guess again LMFO!


All times are GMT -7.