If there’s anything that we’ve learned from 2011, it’s that hackers like pornography… Or at least they like to hack into pornography websites, steal the usernames and passwords, personal information, and credit card numbers. This is possibly because as an industry, these websites attract a great deal of users and also possibly it’s because they’re not often run with the best security in the business thus making them low hanging fruit.

Almost 72,000 users of the porn website Digital Playground had their personal data “exposed” and the hacker group The Consortium claims responsibility for the theft, reports technology website Techworld.

The stolen information includes subscribers’ user names, email addresses and passwords. The hackers also stole credit card details – which were in plaintext – of 40,000 cards, including the numbers, expiry dates and security codes (CCVS).

Digital Playground is run by European company Manwin, which is headquartered in Luxembourg.

The hackers left behind a manifesto that blasts the security of the Digital Playground website that fairly much exemplars the expectation that they were an easy target.

“This company has security, that if we didn’t know it was a real business, we would have thought to be a joke – a joke that we found much more amusing than they will,” the hackers wrote. “This site has so many freaking holes that if I didn’t know it was a porn site, I would have mistaken it for a honeypot.”

The document appears to show that the hackers gained root access to the machine that held the financial information and then began to rummage around the hard drive, web code, and databases. The manifesto is basically a how-to outlining how the hackers broke their security and then discovered that the underlying sensitive information had no protection. The hackers even made a segment dedicated to showing how the credit card information was stored in plain text.

“We also went on and rooted four of their servers, as well as gaining access to their mail boxes. Using credentials from emails we tapped into their conference call. ‘Is anyone besides David on the line?’ – We were. Did we win? Sure looks that way.”

Last year, LulzSec also made a name for themselves by sailing boldly into a sex industry website and pilfered the contents—June 2011 LulzSec took almost 26,000 usernames and passwords and leaked them publicly. The Consortium seems to be carrying on now an honored tradition of doing the same.

The moral of the story? Upkeep your security and don’t store your information unencrypted.

A spokesperson for Manwin said: “Manwin officially took over Digital Playground and related assets on 1 March 2012, and according to allegations, a potential security breach may have occurred prior to that date.

“Due to the alleged breach, Manwin elected to temporarily shut down DigitalPlayground.com, and related websites, on 5 March 2012. The site was operational again for existing members on 11 March 2012. Security parameters have been verified and the entire system was upgraded during this time period.

The spokesperson added: “Members will not be billed for the period the site was inactive.”