AVN: NATS/TMM Breached for More Than a Year

  • Robbie
    Leaner, Meaner, Faster
    • Aug 2002
    • 20960

    #31
    Damn Smokey...don't be haterizing on me.
    I read the story. I think it's been embellished to make it sound good. That's all. If you read it and believe it word for word...that's cool. Bottom line is NATS got screwed with. All our members got spammed with emails. Fucking sucks. Life goes on. Fixed it and keep making money.
    Are you guys cool with the "On the black market, email addresses can be sold for 20 cents to several dollars each." line too?
    I think that almost any webmaster who owns an affiliate program can tell you the TRUE price of email addresses...yes, even member site data bases. That shit gets traded around all the time in case y'all didn't know that.
    Hell, I use Spam Arrest to keep my email free of spam...and yet when I was on the phone with a very prominent internet company that we all know and love and was telling the owner to make sure to verify himself because I used Spam Arrest...he laughed and told me that they had offered their entire data base to him the week before for a few hundred bucks! In other words his emails would go right through the system without being stopped! Hell, even I was shocked at that! LOL!
    What I'm trying to say is that this "news" story is severely exaggerated in some of the things it is saying. I hate when people do that, because in my mind it takes away the credibility of a story that is important.
    -Robbie
    ClaudiaMarie.Com


    • minusonebit
      So Fucking Banned
      • Feb 2006
      • 7391

      #32
      "We didn't have any [NATS-based] clients who were not affected," MojoHost owner Brad Mitchell told AVN Online, adding that he and his technical-support staff resolved unauthorized-access issues for clients over the weekend before Christmas. Only one MojoHost client had been apprised of the situation before then, and that client fixed the problem without MojoHost's assistance, Mitchell said. (emphasis added)


      • pip
        So Fucking Banned
        • Nov 2005
        • 468

        #33
        Is minusoneclue really gay?


        • Robbie
          Leaner, Meaner, Faster
          • Aug 2002
          • 20960

          #34
          Oh my God!
          -Robbie
          ClaudiaMarie.Com


          • SmokeyTheBear
            ►SouthOfHeaven
            • Jun 2004
            • 28609

            #35
            Originally posted by Robbie
            Damn Smokey...don't be haterizing on me.
            I read the story. I think it's been embellished to make it sound good. That's all.
            then that's what you should have said, if you make inaccurate statements like a person with admin access to nats couldn't cause the server severe load problems then i have to set you straight.

            Originally posted by Robbie
            Bottom line is NATS got screwed with. All our members got spammed with emails. Fucking sucks. Life goes on. Fixed it and keep making money.
            that's your bottom line, mine is not only did you get hacked which is understandable but you also failed to properly investigate or notify and still choose to smooth this over instead of fixing things.

            I keep hearing "no credit card info was stolen", unless nats has manually scanned every program for individual hacks that resulted from their OWN password list being stolen, then they shouldn't be saying that.. it is very possible a sponsor has had credit card info stolen.

            Originally posted by Robbie

            Are you guys cool with the "On the black market, email addresses can be sold for 20 cents to several dollars each." line too?
            that sounds about right

            although the bottom figure is a bit unrealistic, a fresh unspammed credit card in hand customer email is gold.
            Originally posted by Robbie


            I think that almost any webmaster who owns an affiliate program can tell you the TRUE price of email addresses...yes, even member site data bases. That shit gets traded around all the time in case y'all didn't know that.
            i think if you are trading your "prime cut" emails you are silly and devaluing your own product.

            REAL sponsors trade their no-rebills, no cc list they don't trade their fresh credit card in hand members list.


            Originally posted by Robbie

            What I'm trying to say is that this "news" story is severely exaggerated in some of the things it is saying. I hate when people do that, because in my mind it takes away the credibility of a story that is important.
            i think YOU severely exaggerated what was said. first you claimed they said the server was "brought to its knees" when this was never mentioned instead they said the server had severe performance issues. that's what is called an exaggeration. then you questioned that one person could cause severe performance issues using an administration password, it's clear they can.
            hatisblack at yahoo.com


            • Chimera1
              Registered User
              • Feb 2007
              • 47

              #36
              Are you really arguing for the sake of it?

              Nats is struggling to survive and may not make it, especially with the backlash developing in spite of their best efforts. Perhaps you can start an argument over that.

              The program owners with an investment are naturally struggling to find justifications in keeping the software and are more inclined towards belief.... Maybe that too is something to argue about.

              They have much to lose and gain in this and their defenses and arguing are expected, though maybe not entirely logical.

              From the affiliate level we don't actually have much to gain or lose except to take notes as to who is alert and who is burying their heads in the sand.

              So why all the argument over tiny points when the main issue is clear and incontrovertible?
              Quality Adult Text Writers @ Blog Writers Home - Samples Available On Site.


              • minusonebit
                So Fucking Banned
                • Feb 2006
                • 7391

                #37
                On Wednesday, Albright took exception to any implication that Too Much Media sought to hide the problem from its clients or failed to respond quickly and thoroughly.

                "First, no one from our organization has ever claimed this to be a new issue," he told AVN Online. "We have said on several occasions that we were aware of a problem a few months ago. At that time, we were confident we had a way to fix the issue and that we could determine those clients that were affected by it. We did what we believed would resolve the problem and notified the clients we knew had been affected.

                "There is nothing to indicate this issue goes back as far as 18 months. As with any software program, security is an ongoing battle and there have been issues in the past. I doubt whatever issue [the confidential source] is referring to is related."

                Furthermore, Albright noted, "this issue has not caused any performance issues on any clients, and it would certainly not cause servers to go down." (emphasis added)


                • MicDoohan
                  Confirmed User
                  • Apr 2003
                  • 791

                  #38
                  Originally posted by minusonebit
                  Some people know I have been a little bit confused/curious lately. I finally decided to do something about it and conduct a little test. So I sucked my first cock today and liked it. It was different at first, but I eventually got the hang of it and had fun. I think I am gay, or at least bi.

                  This should be a fun thread. I am sure I will regret posting this, but oh well.

                  Originally posted by pip
                  Is minusoneclue really gay?
                  you tell me


                  • MicDoohan
                    Confirmed User
                    • Apr 2003
                    • 791

                    #39
                    Originally posted by Chimera1
                    Are you really arguing for the sake of it?

                    Nats is struggling to survive and may not make it, especially with the backlash developing in spite of their best efforts. Perhaps you can start an argument over that.

                    The program owners with an investment are naturally struggling to find justifications in keeping the software and are more inclined towards belief.... Maybe that too is something to argue about.

                    They have much to lose and gain in this and their defenses and arguing are expected, though maybe not entirely logical.

                    From the affiliate level we don't actually have much to gain or lose except to take notes as to who is alert and who is burying their heads in the sand.

                    So why all the argument over tiny points when the main issue is clear and incontrovertible?
                    let me explain it to you. keith kimmel is a sick man. his own parents refer to his 'psychiatric condition. one day he is going to 'destroy the adult industry' the next day he is posting his twistys stats. keith is also a criminal and a wannabe terrorist. i am just searching for the thread where he brags about considering 'shooting up a mall'

                    bump the threads in my sig so we make sure no one ever takes this lunatic seriously


                    • Robbie
                      Leaner, Meaner, Faster
                      • Aug 2002
                      • 20960

                      #40
                      Smokey...how do I go into Nats and bring my server down? We had the exact same thing happen to us. We noticed it immediately. Not because our servers were slowed down...Good God man! Our NATS database has its own server. There ain't nothing it can do to slow our sites down!
                      We noticed somebody in there and took our own steps to fix it. Quick and simple my friend. You didn't "set me straight" on anything.
                      Do you own a program and it's running NATS? Or are you just speculating my friend? I'm not trying to be disrespectful...it's just that I've seen much worse things happen before. If this were an earthquake it wouldn't even register on the Richter scale compared to some of the shit that has happened over the years.
                      And by the way...I NEVER said I have ever sold or bought a single email address. Contrary to what some may think...I personally don't see any value in them. Don't do email campaigns and never will. I HATE fucking spam.
                      What I said is...emails are bought and sold everyday. And people who are really in the biz know that. It's always been so. And HELL NO they don't cost no 20 cents a piece! More like 20 cents per THOUSAND.
                      And members area email addresses? Golden? If you think so. Hell, maybe I will sell mine after all. How about that 20 cents each deal? That's a lot cheaper than that dollar quote in that story! Come on man! I'm gonna make you rich! I've got thousands and thousands of members emails! Just think of all the money you'll make!
                      By the way, I'm just kidding. I would never sell those email addresses anyway. I'm just trying to show you that there is exaggeration in that story. And no, I'm not the one exaggerating. I'm the guy quoting the story and questioning it.
                      And Chimera1 you said: "The program owners with an investment are naturally struggling to find justifications in keeping the software and are more inclined towards belief.... Maybe that too is something to argue about.

                      They have much to lose and gain in this and their defenses and arguing are expected, though maybe not entirely logical."
                      Gain? Lose? This doesn't change anything for a program owner. You fix the problem. What else do you do? Everybody and anybody and anything can and will be hacked.
                      I'm not gonna cry and go home. I just had the most profitable month in my life in Dec. Now Jan. is starting off even bigger than Dec started.
                      I'm looking full speed ahead baby! And if some asshole hacks NATS again...We'll all fix it again. Same as any other backend.
                      One real good thing came out of this. It showed everyone that we all need to be more diligent and not depend on a rented software to do our work for us in protecting our shit. There's the silver lining. A lot of us didn't really give much thought to that before. Now we've turned our attention to it. And that's a good thing right?
                      -Robbie
                      ClaudiaMarie.Com


                      • minusonebit
                        So Fucking Banned
                        • Feb 2006
                        • 7391

                        #41
                        Originally posted by Chimera1
                        From the affiliate level we don't actually have much to gain or lose except to take notes as to who is alert and who is burying their heads in the sand.


                        Spot on. It's wise to keep notes on that as well.

                        But I think as affiliates we also should be concerned about the breach of our personal data. No one knows just how much information was lost from the customers' side of things, but we do know that NATS stores all of our affiliate data to include bank routing and SSNs/TPIDs and we do know that the perps would have had access to that. Did they get it? Again, no one knows.

                        TMM is not being cooperative, they are not addressing their customers saying that's on the advice of counsel, but they are giving statements to the media. Most lawyers I know would not give advice to avoid your customers but talk to the media, they'd say take care of your customers but be careful, or they'd say don't talk to anyone at all. So the "on the advice of our counsel" line is simply another way of saying "no comment", and no comment as we all know is used to avoid questions we don't want to answer because an honest answer would make us look bad somehow.


                        • minusonebit
                          So Fucking Banned
                          • Feb 2006
                          • 7391

                          #42
                          One program owner who asked not to be identified because he feared retaliation from TMM said he discovered evidence about 18 months ago of possible unauthorized access using an administrative-level password belonging to TMM.


                          • Chimera1
                            Registered User
                            • Feb 2007
                            • 47

                            #43
                            Originally posted by MicDoohan
                            let me explain it to you. keith kimmel is a sick man. his own parents refer to his 'psychiatric condition. one day he is going to 'destroy the adult industry' the next day he is posting his twistys stats. keith is also a criminal and a wannabe terrorist. i am just searching for the thread where he brags about considering 'shooting up a mall'

                            bump the threads in my sig so we make sure no one ever takes this lunatic seriously
                            To be honest I do not know this person. I really don't care to know him.

                            I am curious why you are arguing with a person you deem mentally incompetent? That is not logical, nor is it productive.

                            Again, I say are you guys arguing for the sake of hearing your jaws work or your fingers type or is there some pathology involved?

                            I would certainly hope people could separate news from the bearer. AVN has my vote of confidence in this matter at least in so far as being legally and factually correct in quoting the statements they did.

                            I don't feel that arguing with a person you deem unstable is going to change that person's mind or their actions.
                            There is personal and there is business. So which is it?
                            Quality Adult Text Writers @ Blog Writers Home - Samples Available On Site.


                            • borked
                              Totally Borked
                              • Feb 2005
                              • 6284

                              #44
                              Originally posted by SmokeyTheBear
                              I keep hearing "no credit card info was stolen", unless nats has manually scanned every program for individual hacks that resulted from their OWN password list being stolen, then they shouldn't be saying that.. it is very possible a sponsor has had credit card info stolen.
                              Very true. NATS has the ability to work with a program's own billing setup. Not everyone uses 3rd party billing for everything. Just to keep everyone informed.

                              --edit
                              cchash?
                              Last edited by borked; 01-02-2008, 05:24 PM.

                              For coding work - hit me up on andy // borkedcoder // com
                              (consider figuring out the email as test #1)



                              All models are wrong, but some are useful. George E.P. Box. p202


                              • jcsike
                                Confirmed User
                                • Jan 2006
                                • 689

                                #45
                                Originally posted by SmokeyTheBear

                                I keep hearing "no credit card info was stolen", unless nats has manually scanned every program for individual hacks that resulted from their OWN password list being stolen, then they shouldn't be saying that.. it is very possible a sponsor has had credit card info stolen.
                                umm, programs that use the nats that have their own merchant accounts can access their credit card data through their admin. they have a "true cascade function" where the consumer doesn't have to enter their credit card data in after the first time

                                you think nats was cISP compliant?




                                http://kb.getnats.com/idx/15/148/Bil...r_gateway.html

                                NATS supports this feature with CC and ACH gateways. This article explains how to use this feature.

                                Specific variables for Credit Card sales:

                                enddate_month - CC expiration date, month
                                enddate_year - CC expiration date, year (XXXX format)
                                cc - CC Card Number, no dashes
                                cvv - CC CVV2 code
