GoFuckYourself.com - Adult Webmaster Forum

Digital Playground.com Hacked Credit Card Data Stolen. (https://gfy.com/showthread.php?t=1060217)

AsianDivaGirlsWebDude 03-10-2012 01:22 PM

Quote:

Originally Posted by AVN Theo (Post 18815199)

I have yet to see any evidence that CC data were compromised.

Reminds me of your Media Revenue "investigation"... :1orglaugh :winkwink:

http://chzmemebase.files.wordpress.c...et-grandma.jpg

Have you ever thought that maybe you're just not cut out for investigative journalism... :upsidedow

Quote:

One of the world's top adult-entertainment companies appears to have had one of the world's least secure websites.

Hackers using the previously unknown moniker "The Consortium" claim to have broken into the servers of DigitalPlayground.com last weekend and stolen 72,000 usernames and passwords and 40,000 credit-card numbers.

"We are The Consortium, and we have something special for our first release," reads a manifesto purportedly posted at admin.digitalplayround.com and reproduced on a mirroring site. "You see for a while now we have had access to digitalplayground.com, one of the five biggest porn sites in the world. But it doesn't need any introduction from us."

As of the afternoon of March 9, the front page of DigitalPlayground.com was up, but most links to internal pages went nowhere.

The sole link that worked, under the banner "Digital Playground is temporarily unavailable," went to a page that stated, "We are currently verifying the security parameters on this site and upgrading the entire system in order to better safeguard your information."

To paying users of DigitalPlayground.com, the second page apologized for the inconvenience and offered one month's free membership at rival porn sites.

"This site has so many freaking holes that if I didn't know it was a porn site, I would have mistaken it for a honeypot," The Consortium's posting quotes itself as saying.

It then goes on to describe in painful detail all the data it found relatively unprotected on Digital Playground's servers, including the usernames and plaintext passwords of the company's stars, some of whom are fairly well known.

"Jesse Jane's password was on average stronger than the admins of the site, we tip our BlackHats to you Ms. Jane, one reason among many to love this mynx," read the posting.

All of the 100 user passwords given as examples were in plaintext, not encrypted as security best practices demand. Even worse, the hackers claim that all credit-card numbers and card security codes were as well, though large parts of the two numbers used as examples were blacked out.

"These credit cards are all plaintext, but we will not be releasing or using as we do this for the love of the game not for profit and these peoples only crime was wanting some porn," read the posting. "We cannot justify releasing these people's credit card info, but remember it is DP that allowed this to happen."

The manifesto ends with a list of video files contained within the site, along with directions for downloading them for free.

If you're a registered user of DigitalPlayground.com, here are two things you should do right away: Change the password on any other site or account that shared your Digital Playground password, and contact your credit-card company to put an alert on your account.

An email seeking comment from Digital Playground was not immediately returned.

pornmasta 03-10-2012 01:24 PM

Quote:

Originally Posted by porno jew (Post 18815233)
way off.

the current page rank of one of my websites is 19000... something.
And I make 90 000- 110 000 visitors per day :winkwink:

pornmasta 03-10-2012 01:26 PM

"one of the five biggest porn sites"

>>

probably not in terms of traffic (twistys and digitaldesire are far bigger)

pornmasta 03-10-2012 01:33 PM

so let's take 5 big websites:

naughtyamerica.com paysite, alexa rank 2081
brazzers.com 1043
realitykings.com 1750
twistys.com 3011
digitaldesire.com 6663

virtuagirl.com 10350

Digital Playground.com 23935

porno jew 03-10-2012 01:48 PM

not even close to the top 5. http://www.alexa-xxx.com/

Theo 03-10-2012 01:52 PM

Quote:

Originally Posted by AsianDivaGirlsWebDude (Post 18815237)
Reminds me of your Media Revenue "investigation"... :1orglaugh :winkwink:

http://chzmemebase.files.wordpress.c...et-grandma.jpg

Have you ever thought that maybe you're just not cut out for investigative journalism... :upsidedow

Go fuck yourself

pornmasta 03-10-2012 01:53 PM

Quote:

Originally Posted by porno jew (Post 18815261)
not even close to the top 5. http://www.alexa-xxx.com/

and they list only paysites...

Theo 03-10-2012 02:03 PM

I didn't claim to be a journalist. Aside from U/P all we have seen is a statement by the hackers that wanted to protect the members of the site by not releasing any CC info.

Theo 03-10-2012 02:10 PM

At the same time the release of U/P allowed hackers to abuse such data and log in to email and social media accounts. Their agenda is spamming, phishing and identity theft. It's your choice to believe with no skepticism what they write.

pornmasta 03-10-2012 02:14 PM

Quote:

Originally Posted by AVN Theo (Post 18815286)
I didn't claim to be a journalist. Aside from U/P all we have seen is a statement by the hackers that wanted to protect the members of the site by not releasing any CC info.

and what happens if the website has been hacked before by other hackers? (it would explain why CC numbers are stored in clear text)

Theo 03-10-2012 02:19 PM

Regarding mediarevenue, we posted an update last month. Maybe the next one will be a news story. I don't understand why the repeated irony from your side. We turned down a six-figure advertiser, we spent the time to collect info and we connected with the right authorities. If you feel we did a poor job you are free to do something yourself.

Theo 03-10-2012 02:30 PM

Quote:

Originally Posted by pornmasta (Post 18815294)
and what happens if the website has been hacked before by other hackers? (it would explain why CC numbers are stored in clear text)

DP is using reputable, 3rd party billing providers that do not give you access to such billing info. Even when you are using your own merchant account, your gateway provider doesn't give you such access.

pornmasta 03-10-2012 04:06 PM

Quote:

Originally Posted by AVN Theo (Post 18815325)
DP is using reputable, 3rd party billing providers that do not give you access to such billing info. Even when you are using your own merchant account, your gateway provider doesn't give you such access.

so they have been hacked before... (don't tell me that it is not possible)

(and these 2nd hackers are perhaps good guys)

pornmasta 03-10-2012 04:11 PM

Quote:


We turned down a six-figure advertiser...

If you feel we did a poor job you are free to do something yourself.

what is free ?

Just Alex 03-10-2012 04:23 PM

Quote:

Originally Posted by AVN Theo (Post 18815199)
I have yet to see any evidence that CC data were compromised.

That's crazy. Per Visa rule you can't store that shit on your servers.

Quote:

> These credit cards are all plaintext but we will not be releasing or using as we do this for the love of the game not for profit and these peoples only crime was wanting some porn.

> We cannot justify releasing these peoples credit card info, but remember it is DP that allowed this to happen, this could have been a different group.

> And perhaps they may have done far worse when given this information.

> Here is a censored version of what we found.
Number Month Year Type Name cvv2


mikesouth 03-10-2012 04:29 PM

Theo

I have a couple of things that are bothering me about this...one is that the hackers did post partial cc numbers and ccv codes, names addy etc.

But the biggest one that bothers me is that I was contacted by someone in IT who resigned because of what Manwin was doing. Flat out said he won't go to jail for Manwin. Sour grapes...could be but there's enough history to make me wonder.

obviously I haven't vetted this enough to make it a post but as someone else here said the problem with being a shitbag is everyone always thinks you are up to no good

rowan 03-10-2012 06:21 PM

Quote:

Originally Posted by jay23 (Post 18811152)
As a software developer this is something I can't understand. This is not unique to DP, I think the hack into Sony gaming network also found people storing PW / CC info in clear. It takes 1 line of code to do a MD5 hash.

An md5 hash won't slow a cracker down much, the GPU in a modern video card can crack an md5'd password relatively easily. You can even crack common passwords by searching for the md5 value on google.

Code:

$ echo -n coffee | md5
24eb05d18318ac2db8b2b959315d10f2

http://www.google.com/search?hl=en&s...f2&btnG=Search

pornmasta 03-10-2012 06:22 PM

as a programmer, i can tell you that you can salt your hashes....

http://en.wikipedia.org/wiki/Salt_(cryptography)

rowan 03-10-2012 07:18 PM

You can still find entries with common passwords by brute forcing every possible salt combination (rather than every possible password combination)

A better way is to make a single password computationally expensive to crack, for example hashing it 10,000 times with an algorithm to change the salt each time. Even if the method used to generate the hash is known (say, by inspecting the code used to authenticate logins) you've made the cracker's job 10,000 times harder.
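
An added example, not part of the thread and not any poster's code: the storage schemes discussed in the posts above (one fast unsalted MD5 versus a per-user salt with an iterated hash), written in Python with the standard library's PBKDF2. The record format, function names and 16-byte salt are assumptions made for illustration; the 10,000 iteration count is the figure from the post.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # figure from the post; assumption: raise it to suit current hardware
SALT_BYTES = 16      # assumption: per-user random salt length

def md5_unsalted(password: str) -> str:
    """The scheme criticised in the thread: one fast, unsalted MD5."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' with a fresh salt."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute from the stored salt and iteration count; compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
    except ValueError:
        return False  # malformed record
    return hmac.compare_digest(candidate, expected)

def needs_rehash(record: str, target_iterations: int = ITERATIONS) -> bool:
    """True when a stored record is malformed or below the current work factor."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256" or not parts[1].isdigit():
        return True
    return int(parts[1]) < target_iterations

if __name__ == "__main__":
    # Constructed sample: two accounts that chose the same password.
    a, b = hash_password("coffee"), hash_password("coffee")
    print("md5 identical:", md5_unsalted("coffee") == md5_unsalted("coffee"))
    print("pbkdf2 records differ:", a != b)
    print("verify ok:", verify_password("coffee", a), "| wrong:", verify_password("tea", a))
```

Storing the iteration count inside each record lets the work factor be raised later: `needs_rehash` flags old records so they can be re-hashed at the user's next successful login.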

Rangermoore 03-10-2012 10:48 PM

And some of you morons thought by a couple people getting busted that Anonymous was done... Guess again LMFO!

mikesouth 03-10-2012 11:39 PM

100 stolen password posts

pornmasta 03-11-2012 07:09 AM

Quote:

Originally Posted by Rangermoore (Post 18815832)
And some of you morons thought by a couple people getting busted that Anonymous was done... Guess again LMFO!

http://troll.me/images/legs/are-you-serious.jpg

CyberHustler 03-11-2012 07:29 AM

Thanks again Manwin....

Barry-xlovecam 03-11-2012 08:10 AM

Quote:

Originally Posted by rowan (Post 18815626)
You can still find entries with common passwords by brute forcing every possible salt combination (rather than every possible password combination)

A better way is to make a single password computationally expensive to crack, for example hashing it 10,000 times with an algorithm to change the salt each time. Even if the method used to generate the hash is known (say, by inspecting the code used to authenticate logins) you've made the cracker's job 10,000 times harder.

I guess if there is an algorithm it will be cracked (eventually).

German 'hacker' uses rented computing to crack hashing algorithm

http://www.theregister.co.uk/2010/11...password_hack/

Off Internet transaction servers behind a DMZ. Anything on an Internet connected server is vulnerable -- period.

lucas131 03-11-2012 08:14 AM

lol some replies here really rocks ... we all know the only hackers are anonymous and the only hacked company is digitalplayground ... people, oh people ... if you work online, learn something about online business. if you will be selling guns, i bet you will know facts about crime and so in that field, so why you know shit about online ... ? :upsidedow

gabe100 03-11-2012 08:42 AM

Quote:

Originally Posted by mikesouth (Post 18815450)
Theo
But the biggest one that bothers me is that I was contacted by someone in IT who resigned because of what Manwin was doing. Flat out said he won't go to jail for Manwin.

Mike that makes no sense. I doubt the guy walked on his own terms. Few have, but i doubt this guy did.

If they want you they want you, if not you "resign."

RaiderX 03-11-2012 09:35 AM

Oh damn :/ I hope they do something to compensate the clients whose CC infos are stolen :(

DWB 03-11-2012 12:09 PM

Quote:

Originally Posted by AVN Theo (Post 18815306)
we spent the time to collect info and we connected with the right authorities.

Speaking of, why were those authorities not named? Instead you said to send any info people had to AVN.

What law enforcement agency would request that AVN vet any and all information regarding their investigation?

Pure comedy. :2 cents:

Just own it and stop blowing smoke. Or list the authorities involved. No one trusts AVN.

AsianDivaGirlsWebDude 03-11-2012 01:18 PM

Quote:

Originally Posted by RaiderX (Post 18816461)

Oh damn :/ I hope they do something to compensate the clients whose CC infos are stolen :(

http://i.zdnet.com/blogs/the_consortium_first_hack.png

It appears that Manwin customers who had their credit card info stolen will be able to receive a free month to a non-Digital Playground Manwin site as a consolation (I'm not sure if this includes pre-checked cross-sales to other sites like their normal transactions do).

ADG

firequartz 03-13-2012 08:59 PM

I see tonight the DP affiliate site is back up and digitalplayground.com is once again accepting memberships. However .. none of the affiliate linking codes appear to work, or rather, point to a page that no longer exists. Looks like they still have a bit of work to do.

Still never got an official email about it though. I checked around. No one I know received one .. so I don't think it's a matter of "lost in the junk mail"

AsianDivaGirlsWebDude 03-13-2012 10:50 PM

Quote:

Originally Posted by firequartz (Post 18821845)

I see tonight the DP affiliate site is back up and digitalplayground.com is once again accepting memberships. However .. none of the affiliate linking codes appear to work, or rather, point to a page that no longer exists. Looks like they still have a bit of work to do.

Still never got an official email about it though. I checked around. No one I know received one .. so I don't think it's a matter of "lost in the junk mail"

http://thepeoplescube.com/images/ima...BaghdadBob.gif

http://4.bp.blogspot.com/-N_lCz0Ecmj...600/fabian.jpg

ADG

OY 03-14-2012 02:12 AM

IF the CC info was compromised, then the real question is WHERE DID THE CC INFO GET STORED? And IF it was stored on their servers, how did they do it, and was it licensed to store CC info?

Just what came to my mind.... :2 cents:

ladida 03-14-2012 03:53 AM

It was from shopping cart part of website (they had a store of some sort). Most of those shopping carts have it in plaintext in sql tables.

firequartz 03-14-2012 04:54 PM

In the interest of fairness, it now looks like the affiliate links to digitalplayground.com are now working. However, jessejane.com, jacksplayground.com, and robbyd.com are still down.

Still waiting on the eMail.

firequartz 03-17-2012 10:01 AM

More ... follow-up .. it now looks like jessejane.com, jacksplayground.com, and robbyd.com have been removed from the Digital Playground affiliate program. Linking codes and promo materials have been removed from the affiliate site.

Still no official word from DP to affiliates about *anything*

AsianDivaGirlsWebDude 03-17-2012 12:24 PM

Quote:

Originally Posted by firequartz (Post 18829345)

More ... follow-up .. it now looks like jessejane.com, jacksplayground.com, and robbyd.com have been removed from the Digital Playground affiliate program. Linking codes and promo materials have been removed from the affiliate site.

Still no official word from DP to affiliates about *anything*

So much for keeping people (affiliates) informed...

http://thepeoplescube.com/images/ima...BaghdadBob.gif

http://4.bp.blogspot.com/-N_lCz0Ecmj...600/fabian.jpg

ADG

firequartz 03-19-2012 02:12 PM

Bump .. hey Manwin/DP rep .. where are ya??

DVTimes 04-26-2012 05:54 PM

is it fixed?

i ask as my fhg do not work, nor can i log in.

DVTimes 04-26-2012 06:00 PM

http://digitalplaygroundcash.com

bronco67 04-26-2012 07:15 PM

72,000 paying customers? I would have thought it would be something more like 72.


All times are GMT -7.