Digital Playground.com hacked

AuthorTopic
Harri Patel
Senior Member


Phuc Kieu
12834 Posts
3/03
Posted - Mar 6 2012 : 11:55:26 PM
Link Also mentioned on mikesouth.com

Apparently they got 72,000 customers’ details and over 44,000 credit card numbers, and DP had all this info in their servers in clear text, instead of encrypted. Shitty security to go with the shitty porn.

South suggests "If you have ever joined a Digital Playground owned site you should immediately call your credit card company and request a new account number and card."

[Link]
Cody McLarge
Senior Member

8156 Posts
8/10
Posted - Mar 7 2012 : 05:14:28 AM
Fuck.
Go To Top of page [Link]
Jacco
Your Choice

"liable to deprave and corrupt"
5117 Posts
5/04
Posted - Mar 7 2012 : 01:00:23 PM
Storing cc numbers in plaintext? If that's true somebody at DP/Manwin is facing some hard questions from Visa and Amex.

Jacco

Go To Top of page [Link]
RandomPrecision
Senior Member

Dookie?
28480 Posts
3/06
Posted - Mar 7 2012 : 04:57:34 PM
Is it just my imagination there has been an elevated level of this kind of activity against the porn business just here lately?

Edited by - randomprecision on 3/7/2012 4:57:49 PM

Go To Top of page [Link]
wahine
Senior Member

Berlin
16723 Posts
10/11
Posted - Mar 7 2012 : 05:42:05 PM
Just hope it's not my ex who did this!
Go To Top of page [Link]
Drew Black
Administrator

9542 Posts
9/99
Posted - Mar 8 2012 : 02:25:02 PM
Bummer.
Go To Top of page [Link]
Bill
Moderator

13079 Posts
6/00
Posted - Mar 8 2012 : 10:28:11 PM


Jacco wrote:
Storing cc numbers in plaintext? If that's true somebody at DP/Manwin is facing some hard questions from Visa and Amex.

Jacco


Even if it's not true, Visa & Amex are not going to be happy about them storing cvv codes at all. Companies are not allowed to store those codes even if they are encrypted.

Go To Top of page [Link]
Jacco
Your Choice

"liable to deprave and corrupt"
5117 Posts
5/04
Posted - Mar 9 2012 : 12:05:43 AM
So how the hell did they pass a PCI compliance test? We don't store cc numbers at all and we have to do it every year.

Jacco

Go To Top of page [Link]
Bill
Moderator

13079 Posts
6/00
Posted - Mar 9 2012 : 01:14:41 AM


Jacco wrote:
So how the hell did they pass a PCI compliance test? We don't store cc numbers at all and we have to do it every year.

Jacco


My guess is that, since they are using third party credit card processors, who are, in all likelihood PCI compliant, is was assumed that they weren't storing any credit card info, since it's not necessary with a third party processor. At my company, we use a third party processor, who's credit card screen is imbedded in our own web page. We never see the customer's credit card info because, even though, to the customer, it looks like they are entering their info into our site, they are doing so to the processors site. We're just given a token value that identifies the transaction between us and the processor. We store that token and utilize it if we need to issue a refund. Because of that process, we don't go through any PCI compliance every year, other than filling out a survey that states that we are still using the third party processor.

I would think that if we were too lazy to have setup the whole token process, we could still fill out the survey in such a way that would imply that we are not storing credit card info, even though we were. My guess is that's probably what happened at Digital Playground.

Go To Top of page [Link]
Drew Black
Administrator

9542 Posts
9/99
Posted - Mar 9 2012 : 07:31:03 AM


Bill wrote:
We never see the customer's credit card info because, even though, to the customer, it looks like they are entering their info into our site, they are doing so to the processors site. We're just given a token value that identifies the transaction between us and the processor. We store that token and utilize it if we need to issue a refund.

That's the way I have always preferred to do it for any transactions. However, Manwin/DP's business model is dependent on recurring billing. I'm not sure how you pull that off with the token-passing mechanism.

Go To Top of page [Link]
Jacco
Your Choice

"liable to deprave and corrupt"
5117 Posts
5/04
Posted - Mar 9 2012 : 08:45:28 AM
Third party processing can do that too. CCBill and such do it for plenty of adult paysites.

Jacco

Go To Top of page [Link]
PornStarNamedBuckNaked
Senior Member

Sometimes life is goofier then a monkey on ether
11742 Posts
7/10
Posted - Mar 9 2012 : 02:49:48 PM
^ I think DP needs to hire you Jacco.
Go To Top of page [Link]
Jacco
Your Choice

"liable to deprave and corrupt"
5117 Posts
5/04
Posted - Mar 9 2012 : 04:14:10 PM
No thanks, I am glad I don't have to deal with the ridiculous US obscenity laws.

Jacco

Go To Top of page [Link]
fu_q
Senior Member

MarvMontag.blogspot.com & @fu_qreviews (twitter)
5439 Posts
2/09
Posted - Mar 10 2012 : 12:56:14 AM
Wow. That all certainly sucks.

I'm just waiting for one of the ones that I have joined in the past to get hacked and to have to go through all the b.s.

Ugh...

Go To Top of page [Link]
Ramsey
Senior Member

The Best There Is, The Best There Was, The Best There Ever Will Be!
17874 Posts
10/02
Posted - Mar 11 2012 : 05:29:56 PM
Link
Go To Top of page [Link]
CummingLinguist
Senior Member

4811 Posts
11/11
Posted - Mar 21 2012 : 06:32:59 AM
^ OMG, that is brutal.

The site is back up, and I went to look at trailers.

The trailers are NOT up for viewing. If you click on the "Store" link to see trailers, it takes you to the Signup page where they blithely claim to be "100% Anonymous" and have "Guaranteed Safety."

As a former member, I feel tempted to call them and say, "You guaranteed safety, I want my money back."

Am I the only one?

Go To Top of page [Link]
All Forums -> Porn News - Press Releases
Previous topic: Eva Angelina Brings Sexy Self To Pornstar Camhouse

Next topic: Julie Simone Scores Feminist Porn Awards Noms

Jump To: