Slashdot Mirror

← Back to Stories (view on slashdot.org)

Thousands of Adult Website Accounts Compromised

Posted by kdawson on from the how-not-to-handle-a-data-breach dept.

Keith writes "Tens of thousands — or maybe more — accounts to adult websites were recently declared compromised and apparently have been that way since some time in October 2007. The break occurred when the NATS software used to track and manage sales and affiliate revenues was accessed by an intruder. The miscreant apparently discovered a list of admin passwords residing on an unsecured office server at Too Much Media, which makes and maintains NATS installations for adult companies. It would appear that Too Much Media knew of the breach back in October, and rather than fixing the issue tried to bury it by threatening to sue anyone in the adult industry who talked about it." The article gives suggestions for anyone who opened an account at any adult website in the last several months.

7 of 167 comments (clear)

  1. Re:I'm sure they'll... by bl4nk · · Score: 5, Funny

    This penetration has thrust a large mess of members in to a new position, one which they probably aren't familiar with (unless they get off on this kind of thing). It's sad the industry has shrunk to the force of Too Much Media, and has effectively been boned. If it's lucky, the authorities will slap the cuffs on TMM, throw them in the slammer, and make them eat kumquats.

    Butt plugs.

  2. Re:If true, this isn't particularly surprising. by mochan_s · · Score: 5, Informative

    In addition, it's porn. Individual end users cannot protest very much without either A: Admitting they pay for porn online or B: being the subject of askance glances and the occasional, "Methinks he doth protest too much."

    You do realize that prepaid credit cards exist, right? You can set any name to it and use it. Since you don't have to have anything physical delivered and it's all online, then you can create fake names and leave out addresses.

  3. Re:I have a suggestion too by youthoftoday · · Score: 5, Funny

    You insensitive clod! This is Slashdot. You must be new here.

    --
    -1 not first post
  4. Re:Suddenly..... by Kamikaze+Chipmunk · · Score: 5, Funny

    Obviously not, now that your account info has been compromised.

    --
    If government were a product, selling it would be illegal. - P.J. O'Rourke
  5. Gift Cards by harlows_monkeys · · Score: 5, Informative
    This is what gift cards are for, available from numerous outlets (Safeway, Office Depot, Wal-Mart, and similar places). You can get prepaid VISA and Mastercard giftcards, which work great for purchasing porn, or other questionable things of an online nature, where you can't trust the vendor. A $50 card will typically cost about $55.

    After you buy it, you go to a web site from the card vendor, enter the card number and security code, and then set the user name and billing zip code. Then go wild (well, to the extent that you can go wild with $50...). Here's one such card that is available at a lot of places.

    There are also cards that you can refill from your "real" credit card, but then you are easier to trace. Might as well use a non-refillable card, purchased with cash. That way, if "all models 18 or over, proof on file" turns out to not quite be true, no credit card that can be tied to you will be in the site's records. :-)

    If that's not a concern, though, and you are just trying to limit exposure of your real credit card, then go ahead with the refillable cards. In fact, there are even some that are purely online. They don't provide a physical card. You just go to their site, sign up with your credit card, and they give you a credit card number to use online, with a limit of whatever you want to transfer from your credit card. Here is one such virtual card.

    NOTE: some gift cards cannot be used for porn or gambling, so choose appropriately. And some can be so used, but add a surcharge for porn.

  6. they should do... by nguy · · Score: 5, Funny

    ... more penetration testing

  7. RE: The Truth by Archon-X · · Score: 5, Informative
    Let me be the first to actually point out the key factors in the situation.
    I work in adult, and have worked with this CMS very closely for the last 2 years.
    I'm not on anyone's side, but unfortunately this problem has been surrounded by a lot of misinformation.

    • No credit card information was stolen. Website owners seldom [read: never] have access to this data, it's kept by the credit card processors
    • The information that WAS compromised was member information, primarily email addresses, for use in spamming. It 'makes sense' - a list of verified buyers is like the 'holy grail' for spammers.
    • The hackers used a list of admin accounts to poll everyone's CMS systems on the hour, and pull out this data. They have either covered their tracks well, or not at all, because they left reams of IP data, and you can see in the logs of the system itself, what information they've pulled.


    It is interesting and rather important to note: The poster of the blog article is an absolute douchebag. I'm not happy with the situation obviously, I had my own system compromised, but this guy is an idiot on a warpath - 95% of what's written on his blog is off in the fairyland.
    He fails to mention that he's hated by the industry, mainly for the reason that he posted 300 username / password combinations of webmasters publically, which resulted in a lot of them having money stolen from online accounts, etc.
    More intelligent ramblings from this guy: My Guide To Tax Evasion - Why The Unibomber was right

    Summary: The breach was real. Scope seems to be limited ONLY to member data. Signed up? Expect some spam. Signed up with a password that you use on all your accounts? check your head, change the passwords.

    Read more about our friend "minusonbit" - here - on an industry forum and judge for yourself.