Hackers claim to have stolen the details of more than 73,000 subscribers to porn site Digital Playground.
The data includes user names, email addresses and passwords. Also taken were the numbers, expiry dates and security codes for 40,000 credit cards.
The attack is the second successful breach of a site run by website management company Manwin.
A previously unknown hacker group called The Consortium said it was behind the attack.
While Manwin investigates, the Digital Playground site has been left online but is not accepting new members and its members area has been taken offline.
The Consortium posted some of the data it stole on the web and said security on the site was full of holes that "made it too enticing to resist" stealing the data.
"This company has security, that if we didn’t know it was a real business, we would have thought to be a joke – a joke that we found much more amusing than they will," wrote The Consortium in a log posted on the web.
Visible in the log were admin login names and passwords as well as a selection of the email addresses and user names of some members. Internal emails, details of the four servers underpinning the site and software licence keys were also posted.
The Consortium claims some of the credit card data was stored in plain text form. The group claims to be connected to the Anonymous and Lulzsec hacker groups.
Porn producer Digital Playground is based in California but its website is managed and run by Canadian firm Manwin. The London office of the company declined to comment on the attack.
In a statement provided to porn industry news site AVN, Manwin said it took over management of the site on 1 March and said the breach may have occurred before it took charge.
Manwin management was overseeing the investigation and Digital Playground subscribers had been contacted to let them know what had happened.
In late February, details of more than 6,000 users of YouPorn’s discussion forums, known as YP Chat, were stolen. YP Chat is also administered by Manwin. Lax security at a third-party provider was blamed for the breach.
Statistics: Posted by yoda — Mon Mar 12, 2012 10:11 am
View full post on opinions.caduceusx.com