The Consortium hacks porn site

The Consortium hacks porn site

Summary: The Consortium, a new hacktivist group, has introduced itself to the world by hacking the porn site Digital Playground. Everything, including credit card information, was stored in plain text.

SHARE:
TOPICS: Banking
2

The Consortium is a new hacktivist group. It has introduced itself to the world by hacking the pornography website Digital Playground (NSFW). The Consortium stole 40,000 plain-text financial credentials (credit card numbers, names, CCV numbers, and expiration dates) as well as the personal information (e-mail addresses, usernames, and passwords) of 72,000 users. Last but not least, they gained root access to four of the site's servers, which further let them access corporate e-mails, and listened in on the company's conference calls.

The hackers appear to be affiliated with hacktivist groups Anonymous and LulzSec. They say this is just their first hack:

We are The Consortium, and we have something special for our first release.

You see for a while now we have had access to digitalplayground.com, one of the five biggest porn sites in the world. But it doesn't need any introduction from us.

This company has security, that if we didn't know it was a real business, we would have thought to be a joke - a joke that we found much more amusing than they will.

"This site has so many freaking holes that if I didn't know it was a porn site, I would have mistaken it for a honeypot" - [Redacted]

We did not set out to destroy them but they made it too enticing to resist. So now our humble crew leave lulz and mayhem in our path. We not only have the 72k users of this site but also over 40k plaintext credit cards including ccvs, names and expiry dates. If you want to hear more about those plaintext credit cards scroll through the MySql info further down. And of course as this is a porn site there was no shortage of .mil and .gov emails in their user list.

We also went on and rooted four of their servers, as well as gaining access to their mail boxes. Using credentials from emails we tapped into their conference call. "Is anyone besides David on the line ?" - We were. Did we win? Sure looks that way.

Digital Playground game over.

The group was perfectly okay with sharing Digital Playground's user accounts (e-mail addresses, usernames, and passwords stored in plain text), 27 admin accounts (names, usernames, e-mail address, and encrypted passwords), and 85 affiliate accounts (usernames, plaintext passwords, and in some cases IP addresses), including those of porn stars. They even released 52 pornographic files belonging to the site:

A Job For Jenna AU DVD.rar Babysitters_2_Disc_1_AU_DVD.rar Babysitters_2_Disc_2_AU_DVD.rar Babysitters_2_WEB_Trailer.mov BadGirls5AU.rar Bad_Girls_6_AU_DVD.rar Bad_Girls_7_AU_DVD.rar Blackmail_AU_DVD.rar CHERRY_1_DISC_1_AU_DVD.rar Cherry_1_DIsc_2_AU_DVD.rar CHERRY_2_AU_DVD.rar Cherry_Episode01_SOFT_Trailer.mov CHERRY_TWO_TRAILER.mov Escaladies_2_AU_DVD.rar ESCALADIES_2_Trailer.mov ESCALADIES_Youtube_Trailer.mov Escort_AU_DVD.rar Fighters_AU_DVD_Disc1.rar Fighters_AU_DVD_Disc2.rar Fighters_AU_DVD_Disc3.rar Fighters_WEB_Trailer.mov Foreigner_AU_DVD.rar index.html In_Rileys_Panties_AU_DVD.rar JACKS_POV_18_AU_DVD.rar JESSE_JANE_BLACKMAIL_WEB_TRAILER.mov Like_Sister_Like_Slut_AU_HD_Streaming.m4v Loaded_XX5_RC_FEB_2012_SD_Stream.mov New_Dad_In_Town_AU_DVD.rar Nude_Content_AU_DVD.rar Payment_AU_DVD.rar Power_Fuck_AU_DVD.rar Sex_and_Corruption_2_AU_DVD.rar SexandCorruption3AUDVD.rar Sex_and_Corruption_3_Trailer_WEB.mov Sex_and_Corruption_EP2_Trailer_WEB.mov Sex_and_Corruption_Selena_AU_DVD.rar Sex_and_Corruption_WEB_Trailer.mov Stoya_Web_Whore_AU_DVD.rar Taras_Titties_AU_DVD.rar The_Crib_AU_DVD.rar THE_MASSEUSE_2_WEB_TRAILER.mov TheMasseuse3AUDVD.rar THE_MASSEUSE_3_Youtube_Trailer.mov TheMasseuse4RileyAUDVD.rar The_MASSEUSE_4_Trailer.mov The_Masseuse_WEB_Trailer.mov Top_Guns_R_rated_Trailer.mov Top_Guns_XXX_Trailer_ProRes_1080_US_v3.rar Watching_You_2_AU_DVD.rar Watching_You_3_Au_DVD.rar Watching_You_3_AU_DVD.rar

They weren't, however, willing to release credit card information:

These credit cards are all plaintext but we will not be releasing or using as we do this for the love of the game not for profit and these peoples only crime was wanting some porn. We cannot justify releasing these peoples credit card info, but remember it is DP that allowed this to happen, this could have been a different group. And perhaps they may have done far worse when given this information.

Here's what they posted on their Twitter account, which has some 200 followers:

#Anonymous Today we will be releasing free premium porn to our friends & frenemies #th3consortium #PenetratingThePenetrators As we promised this is our first but not last release http://is.gd/kgsaoX #Anonymous #freebies @YourAnonNews @TheHackersNews @anonymouSabu @cyber_war_news @TheHackersNews DigitalPlayground.com Owned by The Consortium #Anonymous #Consortium #AntiSec is.gd/kgsaoX the complete user list will be posted on hackbb onion forum very soon #Anonymous #AntiSec #Consortium Gracias por compartir la noticia de todas las cuentas estarán disponibles en breve en el foro de la cebolla hackbb #Anonymous Here you get 10K porn accounts more will follow shortly http://clsvtzwzdgzkjda7.onion/viewtopic.php?f=34&t=2715 #Anonymous #freebies @LulzKitten @AnonymousIrc Any chance of a retweet for our digital playground hack ? Guaranteed lulz or your money back is.gd/kgsaoX So nice to see you all enjoy the free porn. The movies are still available for free download see release file for more info #Anonymous 10k Accounts for DP has already been released here are the rest http://www.mediafire.com/?7jjm2cnymtodyr6 #Anonymous Looks like Digital PLayground is offline, hope lulz were had by all #AntiSec #Anonymous #Consortium

"Due to an alleged security breach, Manwin elected to temporarily shut down Digital Playground, and related websites, on March 5, 2012," a Digital Playground spokesperson told AVN. "Manwin officially took over Digital Playground and related assets on March 1, 2012, and according to allegations, the potential breach may have occurred prior to that date. The safeguard and non-disclosure of private and confidential information is always a priority at our company, and management is supervising all aspects of this situation. In addition, our customer service department has been in contact with Digital Playground members to inform them of the next steps. Customers will not be billed while the site is inactive, and have been offered free access to a Manwin owned property of their choice during this time period."

You can see a mirror image of the hack for yourself at Zone-H.

See also:

Topic: Banking

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • The usual excuses

    [i]We did not set out to destroy them but they made it too enticing to resist[/i]

    "We did not set out to break into your house, but you made it too enticing to resist".
    John Zern
  • Reply

    If you are looking to purchase Monster High dolls then you can purchase from here- http://buymonsterhighdolls.com
    techrahul