GoFuckYourself.com - Adult Webmaster Forum


potter 03-12-2012 09:17 AM

Porn site breached in hack attack
 
Quote:

Hackers claim to have stolen the details of more than 73,000 subscribers to porn site Digital Playground.

The data includes user names, email addresses and passwords. Also taken were the numbers, expiry dates and security codes for 40,000 credit cards.

The attack is the second successful breach of a site run by website management company Manwin.

A previously unknown hacker group called The Consortium said it was behind the attack.

'Tempting target'

While Manwin investigates, the Digital Playground site has been left online but is not accepting new members and its members area has been taken offline.

The Consortium posted some of the data it stole on the web and said security on the site was full of holes that "made it too enticing to resist" stealing the data.

"This company has security, that if we didn't know it was a real business, we would have thought to be a joke - a joke that we found much more amusing than they will," wrote The Consortium in a log posted on the web.

Visible in the log were admin login names and passwords as well as a selection of the email addresses and user names of some members. Internal emails, details of the four servers underpinning the site and software licence keys were also posted.

The Consortium claims some of the credit card data was stored in plain text form. The group claims to be connected to the Anonymous and Lulzsec hacker groups.

Porn producer Digital Playground is based in California but its website is managed and run by Canadian firm Manwin. The London office of the company declined to comment on the attack.

In a statement provided to porn industry news site AVN, Manwin said it took over management of the site on 1 March and said the breach may have occurred before it took charge.

Manwin management was overseeing the investigation and Digital Playground subscribers had been contacted to let them know what had happened.

In late February, details of more than 6,000 users of YouPorn's discussion forums, known as YP Chat, were stolen. YP Chat is also administered by Manwin. Lax security at a third-party provider was blamed for the breach.
http://www.bbc.co.uk/news/technology-17339508

Roald 03-12-2012 09:18 AM

wow again!!!

Wilsy 03-12-2012 09:25 AM

Quote:

Originally Posted by Roald (Post 18817866)
wow again!!!


Twice in one month sucks

OverdueNudes 03-12-2012 09:26 AM

Some people just don't learn the first time!!

jigg 03-12-2012 09:27 AM

"The Consortium claims some of the credit card data was stored in plain text form"

really? in 2012?

Idiots

Barry-xlovecam 03-12-2012 09:31 AM

https://gfy.com/showthread.php?t=1060217

Time warp ....

porno jew 03-12-2012 09:33 AM

think someone hacked the internet timeline instead.

scouser 03-12-2012 09:35 AM

wasn't this a few days ago? or is this a new one?

directfiesta 03-12-2012 09:38 AM

Quote:

Originally Posted by jigg (Post 18817879)
"The Consortium claims some of the credit card data was stored in plain text form"

really? in 2012?

Idiots

That contravenes the bank merchant account terms :2 cents:

DWB 03-12-2012 09:40 AM

Great Scott!

http://1.bp.blogspot.com/_1uvostpA5Z...own-full-1.jpg

Fat Panda 03-12-2012 09:40 AM

Please report all crimes to the FBI or http://www.ic3.gov/default.aspx

lucas131 03-12-2012 09:44 AM

Quote:

Originally Posted by SAC (Post 18817912)
Please report all crimes to the FBI or http://www.ic3.gov/default.aspx

nice site, is it yours? wanna trade hardlinks? :)

Rothstein 03-12-2012 09:52 AM

more like manlose

raymor 03-12-2012 10:05 AM

Quote:

Originally Posted by jigg (Post 18817879)
"The Consortium claims some of the credit card data was stored in plain text form"

really? in 2012?

Idiots

A free tip for them and anyone with a similar system where the web server needs access to the same database that holds billing information:

Use federated tables. Tables with sensitive data like card numbers are on an intranet machine, behind the firewall. Card numbers etc. can be encrypted with Twofish or AES. That intranet server then federates the user table from the web server, so the public web server only has access to the data it needs.

Which tables go on the protected intranet machine and which on the public web server? The web server should hold only the tables it needs to do its job. Any data that doesn't HAVE to be on the web server isn't placed there.

Similarly for internal email - run your internal IMAP from the intranet, preferably with each essential service on a VM which has one way access control so it can make only outgoing connections if at all possible, and only to those internet servers it needs to access.

The theme here is clear separation between public data (web pages) and secured data. The same concept makes transparent tours less secure, despite their convenience.
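
The split described in the post above, sketched as an added example that is not part of the original post. It assumes MySQL with the FEDERATED storage engine enabled (the post names no database); every hostname, address, database, account name and password is a placeholder, and the card number is assumed to be AES-encrypted by the billing application before it is inserted.

```sql
-- Added example. MySQL + FEDERATED engine assumed; all names and addresses are placeholders.

-- === On the public web server (database: site) ===
-- Only what the web tier needs to log members in. No billing columns exist here.
CREATE TABLE users (
    user_id   INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    username  VARCHAR(64)  NOT NULL UNIQUE,
    pass_hash VARCHAR(255) NOT NULL,           -- salted password hash, never the password
    active    TINYINT(1)   NOT NULL DEFAULT 0
) ENGINE=InnoDB;

-- Account used by the intranet server, limited to its (placeholder) source address.
-- It can read users and flip the active flag, nothing else.
CREATE USER 'billing_fed'@'203.0.113.10' IDENTIFIED BY 'CHANGE_ME';
GRANT SELECT, UPDATE (active) ON site.users TO 'billing_fed'@'203.0.113.10';

-- === On the intranet billing server (database: billing), behind the firewall ===
-- Card data lives only here. There is no security-code column: that value
-- must not be kept after authorization.
CREATE TABLE cards (
    card_id   INT UNSIGNED      NOT NULL AUTO_INCREMENT PRIMARY KEY,
    user_id   INT UNSIGNED      NOT NULL,
    pan_enc   VARBINARY(64)     NOT NULL,      -- IV + AES ciphertext from the billing app
    pan_last4 CHAR(4)           NOT NULL,      -- for display and support lookups
    exp_month TINYINT UNSIGNED  NOT NULL,
    exp_year  SMALLINT UNSIGNED NOT NULL,
    KEY idx_user (user_id)
) ENGINE=InnoDB;

-- Connection details for the outgoing link to the web server's database.
CREATE SERVER web_site FOREIGN DATA WRAPPER mysql
    OPTIONS (HOST 'web1.example.com', PORT 3306, DATABASE 'site',
             USER 'billing_fed', PASSWORD 'CHANGE_ME');

-- Local definition, remote storage: rows stay on the web server, and the
-- connection is always opened from the intranet side outward.
CREATE TABLE web_users (
    user_id   INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    username  VARCHAR(64)  NOT NULL UNIQUE,
    pass_hash VARCHAR(255) NOT NULL,
    active    TINYINT(1)   NOT NULL DEFAULT 0
) ENGINE=FEDERATED CONNECTION='web_site/users';

-- Billing job on the intranet server: join local card rows to remote members.
SELECT u.username, c.pan_last4, c.exp_month, c.exp_year
  FROM cards c
  JOIN web_users u ON u.user_id = c.user_id
 WHERE u.active = 1;
```

With this layout the web server holds no credentials for the billing database, so a compromise of the web tier exposes the `users` table but no route to `cards`.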

bean-aid 03-12-2012 10:05 AM

Whenever this happened everyone should be aware that storing credit cards in plain text is a *huge* violation of every credit card company.

It is stored in an encrypted vault usually by your gateway to your biller.


All times are GMT -7.