Slashdot Mirror


Thousands of Adult Website Accounts Compromised

Keith writes "Tens of thousands — or maybe more — accounts to adult websites were recently declared compromised and apparently have been that way since some time in October 2007. The break occurred when the NATS software used to track and manage sales and affiliate revenues was accessed by an intruder. The miscreant apparently discovered a list of admin passwords residing on an unsecured office server at Too Much Media, which makes and maintains NATS installations for adult companies. It would appear that Too Much Media knew of the breach back in October, and rather than fixing the issue tried to bury it by threatening to sue anyone in the adult industry who talked about it." The article gives suggestions for anyone who opened an account at any adult website in the last several months.

4 of 167 comments

  1. Re:If true, this isn't particularly surprising. by Archon-X · · Score: 4, Interesting

    You've made a lot of assumptions, most of them wrong

    #1 - CC data wasn't stolen
    #2 - NATS does NOT process credit cards. It simply coordinates transactions, just like when you buy something from a site via paypal - the transaction is done at paypal, the yes/no result is shipped back to NATS.
    #3 - Don't assume because it's the 'porn industry' that it's seedy and business ethics are out of the window. There are a lot of large companies with a lot of money invested, and the security of their clients makes sense. Why would you want to rip off or maltreat your clients? There are definitely arseholes in the industry, just as there are everywhere, for example, the post of this article (he released 300 webmaster usernames / passwords to the world, resulting in huge financial thefts).
    #4 - There are multiple industry options: MPA, Epoch, CCBill, etc. NATS has a large market share because the software is good, primarily because it was the first piece of software that had 'no shave' option, i.e., the software couldn't steal sales.

    Like it's been said already, this issue was a clusterfuck, and handled badly by TMM, but there is so much misinformation, especially about the threat of stolen CCs and slamming the industry, that I'm compelled to say something.

  2. Re:wtf by minusonebit · · Score: 2, Interesting

    Or the fact that a good portion of them simply don't care. Their solution is to send an army of people here to tag and comment me into the ground. Some of them continue to collect webmaster affiliate account data (which includes tax IDs/SSNs) on pages that have no SSL encryption at all. Despite the fact that I brought it up months ago.

  3. Re:I WROTE THE STORY. I STAND BEHIND IT 110%. by Archon-X · · Score: 4, Interesting

    Prove to me - independently of TMM's press statements - that said was safe. From all the logs and data I have seen, and trust me, I have seen more than most people in the industry, the users had access to NATS as admins. Admins cannot pull out biller data, that isn't presented.

    Furthermore even if they had, if you were a real webmaster, you'd know: you can login to any biller and cannot see credit card information - CREDIT CARD INFORMATION WAS NOT STOLEN.

    Finally, taking the tack that 'all information is compromised unless proven otherwise' is complete rubbish. That's as far-reaching as saying: assume your online banking is compromised because they don't email you daily saying it's not.

    The summary is as it was: NATS was breached, and the issue was handled very poorly. You, however, have posted lies, and FUD, once again, to try to engorge your ego. Your posts are full of lies and FUD, it's just that simple - and anyone w/ 5 mins can follow the links in this discussion and see the same.

  4. Re:NATS does not have that much market penetration by Amelia+G · · Score: 2, Interesting

    Which statement did I make that you'd like facts to back up? Because, unlike you, I am wholly prepared to back up what I have to say. I don't want to know the name of your laughably fictitious anonymous source. I want to know how the data was arrived at because it strikes me that you have little concern for accuracy. I own the leading affiliate program in my niche and I think your data is way way way off, so I find it highly flawed thinking for you to believe that one other program owner's guesstimate is gospel. You already admitted that you personally believed your own data was off by something like 200%. Recap: You admit to being at least 200% wrong. I'm asking you to verify your data assertions. You are asking me to verify nothing in particular, but I'm not the one throwing around fictional stats from mysterious sources.

    --
    chick-in-charge at Blue Blood