Featured New Release
Box cover for Naughty Interracial
Naughty Interracial
Studio: Naughty America
Release date: 7/30/2015


all new releases
All Forums > Porn News - Press Releases > Porn News - Press Releases Forum Page 117 > Digital Playground.com hacked
AuthorPost
Harri Patel
Senior Member


12998 Posts
3/03
Posted - Mar 6 2012 : 11:55PM
Link Also mentioned on mikesouth.com

Apparently they got 72,000 customers’ details and over 44,000 credit card numbers, and DP had all this info in their servers in clear text, instead of encrypted. Shitty security to go with the shitty porn.

South suggests "If you have ever joined a Digital Playground owned site you should immediately call your credit card company and request a new account number and card."

Cody McLarge
Senior Member

8156 Posts
8/10
Posted - Mar 7 2012 : 5:14AM
Fuck.
Jacco
Your Choice

"liable to deprave and corrupt"
5211 Posts
5/04
Posted - Mar 7 2012 : 1:00PM
Storing cc numbers in plaintext? If that's true somebody at DP/Manwin is facing some hard questions from Visa and Amex.

Jacco

RandomPrecision
Senior Member

Dookie?
28480 Posts
3/06
Posted - Mar 7 2012 : 4:57PM
Is it just my imagination there has been an elevated level of this kind of activity against the porn business just here lately?

Edited by - randomprecision on 3/7/2012 4:57:49 PM

wahine
Senior Member

Berlin
23489 Posts
10/11
Posted - Mar 7 2012 : 5:42PM
Just hope it's not my ex who did this!
Drew Black
Administrator

9599 Posts
9/99
Posted - Mar 8 2012 : 2:25PM
Bummer.
Bill
Moderator

13084 Posts
6/00
Posted - Mar 8 2012 : 10:28PM


Jacco wrote:
Storing cc numbers in plaintext? If that's true somebody at DP/Manwin is facing some hard questions from Visa and Amex.

Jacco


Even if it's not true, Visa & Amex are not going to be happy about them storing cvv codes at all. Companies are not allowed to store those codes even if they are encrypted.

Jacco
Your Choice

"liable to deprave and corrupt"
5211 Posts
5/04
Posted - Mar 9 2012 : 12:05AM
So how the hell did they pass a PCI compliance test? We don't store cc numbers at all and we have to do it every year.

Jacco

Bill
Moderator

13084 Posts
6/00
Posted - Mar 9 2012 : 1:14AM


Jacco wrote:
So how the hell did they pass a PCI compliance test? We don't store cc numbers at all and we have to do it every year.

Jacco


My guess is that, since they are using third party credit card processors, who are, in all likelihood PCI compliant, is was assumed that they weren't storing any credit card info, since it's not necessary with a third party processor. At my company, we use a third party processor, who's credit card screen is imbedded in our own web page. We never see the customer's credit card info because, even though, to the customer, it looks like they are entering their info into our site, they are doing so to the processors site. We're just given a token value that identifies the transaction between us and the processor. We store that token and utilize it if we need to issue a refund. Because of that process, we don't go through any PCI compliance every year, other than filling out a survey that states that we are still using the third party processor.

I would think that if we were too lazy to have setup the whole token process, we could still fill out the survey in such a way that would imply that we are not storing credit card info, even though we were. My guess is that's probably what happened at Digital Playground.

Drew Black
Administrator

9599 Posts
9/99
Posted - Mar 9 2012 : 7:31AM


Bill wrote:
We never see the customer's credit card info because, even though, to the customer, it looks like they are entering their info into our site, they are doing so to the processors site. We're just given a token value that identifies the transaction between us and the processor. We store that token and utilize it if we need to issue a refund.

That's the way I have always preferred to do it for any transactions. However, Manwin/DP's business model is dependent on recurring billing. I'm not sure how you pull that off with the token-passing mechanism.

Jacco
Your Choice

"liable to deprave and corrupt"
5211 Posts
5/04
Posted - Mar 9 2012 : 8:45AM
Third party processing can do that too. CCBill and such do it for plenty of adult paysites.

Jacco

PornStarNamedBuckNaked
Senior Member

Sometimes life is goofier then a monkey on ether
11742 Posts
7/10
Posted - Mar 9 2012 : 2:49PM
^ I think DP needs to hire you Jacco.
Jacco
Your Choice

"liable to deprave and corrupt"
5211 Posts
5/04
Posted - Mar 9 2012 : 4:14PM
No thanks, I am glad I don't have to deal with the ridiculous US obscenity laws.

Jacco

fu_q
Senior Member

MarvMontag.blogspot.com & @2pretty4porn (twitter)
5543 Posts
2/09
Posted - Mar 10 2012 : 12:56AM
Wow. That all certainly sucks.

I'm just waiting for one of the ones that I have joined in the past to get hacked and to have to go through all the b.s.

Ugh...

Ramsey
Senior Member

Trina Michaels fan
17880 Posts
10/02
Posted - Mar 11 2012 : 5:29PM
Link
CummingLinguist
Senior Member

5267 Posts
11/11
Posted - Mar 21 2012 : 6:32AM
^ OMG, that is brutal.

The site is back up, and I went to look at trailers.

The trailers are NOT up for viewing. If you click on the "Store" link to see trailers, it takes you to the Signup page where they blithely claim to be "100% Anonymous" and have "Guaranteed Safety."

As a former member, I feel tempted to call them and say, "You guaranteed safety, I want my money back."

Am I the only one?




Jump To: