Anonymous Affiliate Steals 40,000 Credit Card Numbers
By Jennifer LeClaire / Data Storage Today. Updated March 12, 2012.
It's not Anonymous, but it's an emerging group of hackers that claims affiliation with the infamous "hacktivist" group. Its name: The Consortium.
The Consortium is making headlines today for allegedly stealing the credit card records and other personal identifying information in a hack on porn site Digital Playground. The Consortium claims to have stolen information from more than 70,000 users of the Internet porn site.
"By and large, groups of hackers including Anonymous and the Consortium are putting large and small organizations on notice that they need to be far more prudent in securing their data," said Jonathan Spira, chief analyst at Basex and author of Overload! How Too Much Information is Hazardous To Your Organization.
"Today, individuals and organizations have far more information to manage than ever before, and it's critical to ensure that the appropriate measures and safeguards are in place to keep information safe and secure," Spira said.
Indeed, for its first major hack job, The Consortium stole about 40,000 financial details, spanning names, credit card numbers, CCV numbers and expiration dates. In a message, The Consortium claimed it has had access to DigitalPlayground.com for a while before it decided to strike.
"This company has security, that if we didn't know it was a real business, we would have thought to be a joke -- a joke that we found much more amusing than they will," The Consortium said.
"These credit cards are all plaintext but we will not be releasing or using as we do this for the love of the game, not for profit, and these people's only crime was wanting some porn. We cannot justify releasing these people's credit card info, but remember it is DP that allowed this to happen, this could have been a different group. And perhaps they may have done far worse when given this information."
The Consortium also made available more than 50 porn movies in its hack. Digital Playground is up and running, but as of the time this article was penned the porn site was not registering new members.
Stop Using the Same Password
"So, what are the lessons that consumers can learn from this? At the very least, you should use different passwords for different services. If you give a password to, say, a pornographic Web site, make sure that you are not using the same password on other Web sites too -- as malicious hackers might use it to unlock your other accounts," said Graham Cluley, a senior security analyst at Sophos.
"Unfortunately there's not much you can do about whether the Web site you are using is properly protected against vulnerabilities, and securely encrypting your personal information, other than explore whether they have had security issues in the past and vote with your feet if you feel they are doing a poor job."