AVN: NATS/TMM Breached for More Than a Year

  • SmokeyTheBear
    ►SouthOfHeaven
    • Jun 2004
    • 28609

    #61
    Originally posted by Robbie
    Smokey...how do I go into Nats and bring my server down?
    i think i will pass on posting that thanks

    Originally posted by Robbie
    We had the exact same thing happen to us. We noticed it immediately. Not because our servers were slowed down...Good God man!
    lol good god man, too bad nats didn't tell you first..
    Originally posted by Robbie

    Our NATS database has its own server. There ain't nothing it can do to slow our sites down!
    you obviously know very little about servers, if your database is slow then your sites contacting it are also slow..



    Originally posted by Robbie


    We noticed somebody in there and took our own steps to fix it. Quick and simple my friend.
    wow something even an imbecile could do. but nats somehow couldn't
    Originally posted by Robbie

    You didn't "set me straight" on anything.
    yes actually i did, you made a false statement exaggerating what was said in the article, i pointed you straight, now you are bitching about it.

    Originally posted by Robbie

    Do you own a program and it's running NATS?
    nope, do you own a vanilla ice album?
    Originally posted by Robbie

    Or are you just speculating my friend?
    speculating about what? i have been inside nats sponsors as an admin yes, so i know what can be done.
    Originally posted by Robbie

    it's just that I've seen much worse things happen before.
    don't know what could be worse than someone that could take all your credit card signups until you noticed.. that's about as bad as it gets.

    but hey don't trust me, let me run a javascript on your signup page and find out.

    Originally posted by Robbie
    If this were an earthquake it wouldn't even register on the Richter scale compared to some of the shit that has happened over the years.
    that's just your opinion i suppose, i have been here since the internet started and i would rate it as pretty deep, and we won't know how deep until each and every sponsor has been hand checked or upgrades

    Originally posted by Robbie
    And by the way...I NEVER said I have ever sold or bought a single email address.
    then how in the world would you say a price structure of emails in the article was wrong if you have never bought them.

    Originally posted by Robbie
    I personally don't see any value in them.
    thus the large elaborate hack to steal emails was worthless
    Originally posted by Robbie
    What I said is...emails are bought and sold everyday. And people who are really in the biz know that.
    people buy and sell emails, really? omg i didn't know that..

    Originally posted by Robbie
    And HELL NO they don't cost no 20 cents a piece! More like 20 cents per THOUSAND.
    and this would be coming from your experience in never buying an email list ever.. ok then..

    you have been reading those "1 million emails for $10" spams again haven't you. LOL




    Originally posted by Robbie

    And members area email addresses? Golden? If you think so. Hell, maybe I will sell mine after all.
    lol i don't want to buy yours you already admitted you got hacked so yours are now worthless.


    Originally posted by Robbie
    By the way, I'm just kidding.
    obviously, because you fail to realise that's about what they cost
    Originally posted by Robbie
    I would never sell those email addresses anyway. I'm just trying to show you that there is exaggeration in that story.
    so you make up an exaggerated story and a fake promise to sell your emails

    Originally posted by Robbie
    And no, I'm not the one exaggerating.


    ok then. lol


    Originally posted by Robbie
    You fix the problem. What else do you do?
    people get broken into every day, but if your house was broken into because someone hacked your alarm company's passwords and they knew about it but didn't notify you, perhaps it's time to find a new alarm company? just a thought.

    Now i'm certainly not advising sponsors to drop nats, do what you think is best, but if you don't factor trust into the equation you are asking for trouble..
    hatisblack at yahoo.com


    • SmokeyTheBear
      ►SouthOfHeaven
      • Jun 2004
      • 28609

      #62
      Originally posted by will76
      Most likely answer: John probably blamed each of the people affected months ago and passed it off as their servers were hacked. I would bet he didn't think the problem was on his end so he didn't bother to take a couple mins to randomly start logging into clients' servers to see if NATS admin accounts were accessing those servers 10x a day. He said this much in the first couple threads posted here a couple weeks ago. He said the most likely answer was that the client's server was hacked.
      that's exactly what happened. a couple people mentioned reporting to nats and being told it was their password not nats, only to get rehacked several more times.
      hatisblack at yahoo.com


      • will76
        Making $$$$ w/ ClickCash
        • May 2003
        • 18037

        #63
        Originally posted by minusonebit
        "First, no one from our organization has ever claimed this to be a new issue," he told AVN Online. "We have said on several occasions that we were aware of a problem a few months ago. At that time, we were confident we had a way to fix the issue and that we could determine those clients that were affected by it. We did what we believed would resolve the problem and notified the clients we knew had been affected.
        I don't understand this.

        They were "aware of the problem a few months ago". Wasn't "the problem" that someone got access to the master list of NATS admin account info for each client's server????

        So they must have thought that someone got access to a couple different client's NATS admin login. So they "fixed" the problem by deleting that account?

        Is it me or does all of this sound like bullshit? unless there was a different problem happening "in the past" then it has to be the current problem which was a list of NATS admin accounts that got released.

        Why didn't they check their other clients' accounts? If what I said above is the case, why didn't they just for 1 second entertain the idea that maybe something was breached on their end and it wasn't each client independently that was the fault or source of the problem. Why not just take 5 mins and randomly check a few other clients and see if the problem was happening to anyone else?

        I don't get it?

        They were confident they had fixed the
        ICQ: 86364801 Email: will [at] innovativeassets [dot] com

        PROGRAM SHIT LIST - DO NOT PROMOTE (click link for gfy thread)
        FNCash | Media Revenue


        • Robbie
          Leaner, Meaner, Faster
          • Aug 2002
          • 20960

          #64
          Damn Smokey...I didn't realize how fucking stupid I am. And how smart you are. Who are you again? And what do you run? And what site were you the admin for NATS with? I'm not asking that in a mean spirit. But since you know so much more about the internet than I do, I just wanted to know who I'm talking to.
          You can offer your opinions all day long. Show me how successful you are by identifying yourself so I can know how much weight your opinions hold.
          I have told you what the reality is. You can continue to make conjectures 'til the cows come home and it doesn't mean anything my friend.
          I see things differently if you don't mind. I see the whole situation as me being responsible for myself. I don't need NATS to tell me that my shit is being broken into. And that's exactly what I did. Yes, we asked questions when we saw strange things.
          But I didn't expect some third party rental software to give me answers. And sure enough they didn't. So stupid ol' me, who obviously doesn't know shit...well we took care of it ourselves. It was pretty simple to take a look in mysql and see what was happening and handle it.
          It's nice to know what happened after the fact. And I'm very interested in finding out when everything washes out. In the meantime I'm just gonna keep making money. I could give two shits if it's with NATS or some other backend.
          Now please, let's stop quoting each other. You are obviously some old school guy...maybe one of a handful who have been around longer than me, and you are toying with me with your vast knowledge. I surrender.
          I would just like to say...unless somebody has a positive direction to go in then it's all just negative.
          My solution is FIX THE PROBLEM. Then direct your energies back to making money. And people should do whatever they think will make them the most money.
          If nobody wants to promote NATS sites. More power to you. If you're scared that some hacker is going to steal your info...I don't blame you one bit. If you think there is a better backend that can not be hacked and/or would alert you much faster so you don't have to worry about your own security, then please only promote the sites that use that backend.
          Everybody has their own preferences and their own ideas on how to make money.
          And again, I don't know who you are. Smokey The Bear? Okay, you're either a cop or a spokesman for firefighters! LOL! I'm just kidding with you.
          But my name is Robbie. My nickname is "Robbie". I was born "Robbie"
          No smoke and mirrors here. Just me explaining how I see this whole thing.
          If you think this is a big deal...then more power to you.
          I don't. Maybe I somehow got "lucky" and just happened to know a few things that went down over the years that you weren't privy to somehow. Who knows? Who cares?
          Let's all make some money and feed our families. This "crisis" is past for the moment. Maybe tomorrow somebody will hack it again. How can any of us know? Maybe tomorrow somebody will hack a major bank again.
          Can't predict the future. But I can deal with it when it comes along.
          I wish everyone else lots of fortune in 2008 and keep a positive, productive attitude and be prosperous.
          Later guys...
          -Robbie
          ClaudiaMarie.Com


          • TheDoc
            Too lazy to set a custom title
            • Jul 2001
            • 13827

            #65
            Originally posted by will76
            TheDoc is as biased as they come. He does work for Nats, do you think he is going to do anything less than defend them. He has been biased from day one and has posted in just about every thread trying to downplay things, say only emails were taken, he said all people using nats was fine now (all clear) even microsoft has problems, everyone gets hacked, your info is already out there so why worry about it, etc etc etc etc.
            That's funny, best out of context text ever!

            I have had to keep posting, if you guys were to keep going so much bad and wrong info would have been posted by now. My god, so much wrong info has already been posted that I have had to prove was wrong, like this cc info - it still isn't dead, should be now though.

            And us program owners have known this forever man, you guys think it's a huge conspiracy of sorts. Please, program owners are just happy it's fixed so they can be the only ones spamming the members. Their friends are buying the lists and they don't care, don't you guys get it at all?

            And my data, was secure, like lots of nats programs we had proper protection in place. So I think you guys attacking NATS in general hurts my program and other protected programs.

            So yeah, I will continue to post as long as you guys continue to post wrong information or people ask questions.
            ~TheDoc - ICQ7765825
            It's all disambiguation


            • minusonebit
              So Fucking Banned
              • Feb 2006
              • 7391

              #66
              Originally posted by TheDoc
              I just checked 2 programs using Netbilling, both Member Admins. Neither have credit card search forms. I checked phpmyadmin on one, and no field in the database for cv2, exp date or cc#.

              Even the KB says it posts to the processor and you get a reply back if it is approved or declined. That's what it's for.
              None of this means that the hacker did not install something else on the server to store the cc info elsewhere until they were collected, nor does it mean that the data was not compromised as a direct result of the NATS breach. No one knows partly because TMM is not being forthcoming with detailed info. So far, all we have out of them is denials as to what supposedly did not happen, what did not get breached and who did not do whatever. They have apparently now had almost a year and a half (18 mos = 1.5 years) to investigate the matter and they still claim to not know what the deal was or exactly how it happened.

              This whole "Oh, the CC data is safe, but everything else on the servers is toast!" is just bullshit. It's like this constant splitting of hairs that - "Oh, it wasn't NATS that was breached, it was a server in TMM's office that got breached. Stop pissing on NATS, M1B, you asshole!" At the end of the day, it does not matter whether it was John's server, his blackberry, his laptop or his cordless phone that was incompetently managed, nor does it matter what order the devices were compromised in. At the end of the day, the result is still the same. Data lost and people got fucked.
              Last edited by minusonebit; 01-02-2008, 07:45 PM.


              • fuckingfuck
                Confirmed User
                • May 2007
                • 521

                #67
                ROBBIE = IDIOT BRO

                notoldschool = IDIOT BRO
                Last edited by fuckingfuck; 01-02-2008, 07:44 PM.
                AA


                • JOKER
                  Facit Omnia Voluntas
                  • Apr 2003
                  • 2105

                  #68
                  Man, this as any other NATS thread has so much spin to it that my head is all dizzy just reading some of the responses of the usual suspects...

                  Slowly that rug is growing to a size that someone might actually stumble / fall.
                  Facilitation - BizDev - Traffic - Consulting - Marketing
                  Skype: jokerempire | Silent Circle: joker


                  • Robbie
                    Leaner, Meaner, Faster
                    • Aug 2002
                    • 20960

                    #69
                    Originally posted by fuckingfuck
                    ROBBIE = IDIOT BRO
                    Now THAT is what I'm talking about! fuckingfuck...you are the man! None of this pussy ass whining shit for you!
                    -Robbie
                    ClaudiaMarie.Com


                    • TheDoc
                      Too lazy to set a custom title
                      • Jul 2001
                      • 13827

                      #70
                      Originally posted by minusonebit
                      None of this means that the hacker did not install something else on the server to store the files elsewhere until they were collected
                      Nobody ever had access to a server and this is impossible through the admin.

                      Originally posted by minusonebit
                      nor does it mean that the data was not compromised as a direct result of the NATS breach. No one knows partly because TMM is not being forthcoming with detailed info.
                      No, we are able to exactly see what they are getting.

                      Originally posted by minusonebit
                      So far, all we have out of them is denials as to what supposedly did not happen, what did not get breached and who did not do whatever. They have apparently now had almost a year and a half (18 mos = 1.5 years) to investigate the matter and they still claim to not know what the deal was or exactly how it happened.
                      I said before this isn't new, nats has been the target of several exploits. I'm sure those exploits are what led to the first nats pw leaks, duh.. Then NATS getting hit 2 times didn't help either.

                      Originally posted by minusonebit
                      This whole "Oh, the CC data is safe, but everything else on the servers is toast!" is just bullshit. It's like this constant splitting of hairs that - "Oh, it wasn't NATS that was breached, it was a server in TMM's office that got breached. Stop pissing on NATS, M1B, you asshole!" At the end of the day, it does not matter whether it was John's server, his blackberry, his laptop or his cordless phone that was incompetently managed, nor does it matter what order the devices were compromised in. At the end of the day, the result is still the same. Data lost and people got fucked.
                      You are correct and NATS got hacked and they did the legally correct thing and let all Clients know. We can only hope he learned from the lesson, just like 100's of owners learned that security is your responsibility.

                      I know from each hack/exploit that I have had from the 10+ years in this business I learned and improved each time. Live and learn.
                      ~TheDoc - ICQ7765825
                      It's all disambiguation


                      • minusonebit
                        So Fucking Banned
                        • Feb 2006
                        • 7391

                        #71
                        When NATS was sold to the industry, it was pitched as a tool to keep the program owners honest by stopping shaving. TMM worked very hard to spin this on the boards and pretty soon affiliates started demanding NATS-based programs. The idea was that John's software, which could not be touched by the programs - would be unshaveable. That's all good and well and had it actually functioned that way, it would have been a good thing for the industry. But these kinds of things never work out this way.

                        Anyone who has taken college level (for that matter, probably high school level as well) courses in government, public service, democracy, world history and the like knows that concentration of power is a dangerous thing. We saw this in Nazi Germany, here in our own country and just about everywhere else throughout the world. The thing is that TMM was saying to affiliates: "Hey, trust US. We have YOUR best interests at heart. We won't let you bring in an independent third party to audit our code to prove this, but we do. You don't wanna get shaved, do you? What? You still don't believe us? You good for nothing board whore, if you publish that, We're gonna sue you for libel!" and this has worked for a long time for TMM. They have made a good run of scaring their critics into silence and programs into using them. And this concentration of power led to the ultimate in lax, completely incompetent security: a list of passwords sitting on somebody's server.

                        Given the choice between NATS incompetently managing my personal data and the possibility that a dishonest sponsor *may* shave sales, at the end of the day I'll take the possibility of shaved sales. It's a small price to pay. First off, most program owners are honest, most of them are very generous with their affiliates and most of them would not consider - so it's not even a really large risk. Second, dishonest people always get caught at their games eventually. iBill's greed eventually caught up to them. John's incompetence and/or crookedness has caught up to him. If you believe the story that PornGraph was actually sold before the trojans went on, then you can see it caught up with the new owners as PG is no more. Finally, program owners who fuck their affiliates through shaving probably fuck their employees, contractors, business partners and talent as well. By proxy, this means they likely already have a bad reputation and everyone knows who to stay away from anyway.


                        • will76
                          Making $$$$ w/ ClickCash
                          • May 2003
                          • 18037

                          #72
                          Originally posted by TheDoc
                          That's funny, best out of context text ever!

                          I have had to keep posting, if you guys were to keep going so much bad and wrong info would have been posted by now. My god, so much wrong info has already been posted that I have had to prove was wrong, like this cc info - it still isn't dead, should be now though.

                          And us program owners have known this forever man, you guys think it's a huge conspiracy of sorts. Please, program owners are just happy it's fixed so they can be the only ones spamming the members. Their friends are buying the lists and they don't care, don't you guys get it at all?

                          And my data, was secure, like lots of nats programs we had proper protection in place. So I think you guys attacking NATS in general hurts my program and other protected programs.

                          So yeah, I will continue to post as long as you guys continue to post wrong information or people ask questions.
                          that had absolutely nothing to do with what I posted. I never made 1 false accusation. Yes Doc we get it, everyone's personal info is already all over the net, all programs get hacked, the people only took emails and didn't touch anything else, and all nats servers are completely ok now. I don't even know why anyone should have posted about this Nats issue in the first place, after all it happens to all companies.

                          So what is it you do, provide rss feeds or something like that for nats ?
                          ICQ: 86364801 Email: will [at] innovativeassets [dot] com

                          PROGRAM SHIT LIST - DO NOT PROMOTE (click link for gfy thread)
                          FNCash | Media Revenue


                          • TheSenator
                            Too lazy to set a custom title
                            • Feb 2003
                            • 13340

                            #73
                            I wonder how much NATS is paying their lawyers to read GFY print outs?
                            ISeekGirls.com since 2005


                            • TheDoc
                              Too lazy to set a custom title
                              • Jul 2001
                              • 13827

                              #74
                              Originally posted by will76
                              that had absolutely nothing to do with what I posted. I never made 1 false accusation. Yes Doc we get it, everyone's personal info is already all over the net, all programs get hacked, the people only took emails and didn't touch anything else, and all nats servers are completely ok now. I don't even know why anyone should have posted about this Nats issue in the first place, after all it happens to all companies.

                              So what is it you do, provide rss feeds or something like that for nats ?
                              No, I don't provide rss feeds for TMM, I created my own NATS plugin that attaches to NATS, rebuilds your hosted galleries, allows for auto updates, and much more. NATS doesn't support it or sell it, they compete with me on rss dish.

                              I have it for MPA3 too, if that was your point.

                              It's fine that it hit the boards, it's good that it was corrected. The problem is it has been corrected, it's not a problem now, but you guys just won't drop it and keep dragging it through the mud.

                              Of course you don't care, you don't own a program.
                              ~TheDoc - ICQ7765825
                              It's all disambiguation


                              • 2257
                                So Fucking Banned
                                • May 2005
                                • 79

                                #75
