Quote:
Originally Posted by TheDoc
I just checked 2 programs using Netbilling, both Member Admins. Neither have credit card search forms. I checked phpmyadmin on one, and no field in the database for cv2, exp date or cc#.
Even the KB says it posts to the processor and you get a reply back if it is approved or declined. That's what it's for.
|
None of this means that the hacker did not install something else on the server to store the cc info elsewhere until they were collected, nor does it mean that the data was not compromised as a direct result of the NATS breach. No one knows partly because TMM is not being forthcoming with detailed info. So far, all we have out of them is denials as to what supposedly did not happen, what did not get breached and who did not do whatever. They have apparently now had almost a years and a half (18 mos = 1.5 years) to investigate the matter and they still claim to not know what the deal was or exactly how it happened.
This whole "Oh, the CC data is safe, but everything else on the servers is toast!" is just bullshit. Its like this constant splitting of hairs that - "Oh, it wasn't NATS that was breached, it was a server in TMM's office that got breached. Stop pissing on NATS, M1B, you asshole!" At the end of the day, it does not matter whether it was John's server, is blackberry, his laptop or his cordless phone that was incompetently managed, nor does it matter what order the devices were compromised in. At the end of the day, the result is still the same. Data lost and people got fucked.