Is your NATS hacked ?
 

are there any nats sponsors who havent been compromised ?

seems like every sponsor who has commented has been compromised, just curious as to if anyone who runs nats that didn't get compromised by a nats employee's user/pass

I find it odd that NATs insists on having admin access...


Doesn't NATs also own a pay site program (Teen Dolls)? Would seem to me that having a free list of verified emails of people who are willing to pull out their CC to join a site would be of great value to them.

Not accusing them of anything, just some food for thought

hrmph, im hungry

threats of lawsuit in 10, 9 , 8 , 7 ...

i find it odd they would allow an employee one user/pass to get into every nats sponsor.

i find it doubly odd that nobody from nats noticed this account had been compromised before it was posted on gfy.

I find it even more strange that there are not any security measures in place that would have spotted this ( i.e. hourly logins from the same employee on almost every nats sponsor so far ) in laymans terms how an employye could log into several nats sponsors at the same time using the same account.

shouldn't any of these things raised more than 1 red flag ?

as far as affiliates are concerned , should we be worried we will now become targets of identity theft ? what plans does nats have on informing affiliates who's information might have been disclosed.

what information can any sponsors provide that might shed some light on what information is available to the nats employee's account that was used to login ? ( i.e. ss#'s ? passwords ? )

sue for what.. pointing out the obvious conflicts of interest.

hope you didnt pay much for your law degree

shit waddeye miss? ... time to search

a nats employee's username was used to login and most likely steal information from quite a few nats sponsors. infact theres only one sponsor i have heard of using nats that hasn't been compromised , and only because they manually disabled nats employees from logging onto their server

My god you are such a fucking idiot.

A nats employee who last posted on the Nats board in August but then started posting elsewhere looking for freelance jobs in September?????

why anyone uses nats is beyond me:2 cents:

i wonder how many affiliates who used nats sponsors had their epassporte accounts stolen thru info obtained from this compromise ? it would explain the rash of epassporte thefts.

Not likely. Programs don't ask for your epass password.

Gotta be a real fucking idiot to be using same password everywhere in first place.

Why the hell would they do that? So they can make a quick $10,000 and loose out on the millions they will make in the future with nats? I buy trials every now and then and if i saw them spamming me with their sites I think it would make for pretty huge drama that would spread within a week max. The Nats guys are all stand up guys.

do you think it would be easier to hack an epassporte account knowing all their personal information ? :winkwink:

also take into account that many sponsors created the epassporte accounts for their affiliates ( perhaps with the affiliates current password )

now obviously using shared passwords is a big no-no but thats beside the point. ideally everyone should have a deadbolt on their door , but i would think if your locksmith's key was used to get in you first look at the locksmith

Stats and client information are the most coveted of things a program owner can have. Why people that use NATS chose NATS is pure stupidity.

I said it 3 years ago and I am still saying it.
People called me an idiot then, and will probably call me an idiot now for saying so...

And to this day I still say I told ya so.
No sympathy from me.

Dumb is dumb.

I was referring to John from nats, How he starts threatening lawsuits and using legal jargon to try and shut people up.:1orglaugh

John and lawsuits have a ring to it lol

:1orglaugh:1orglaugh

yer freakin nostradamus :winkwink:

i think many sponsors use nats because

A) its pretty easy
B) alot of other sponsors use it so for affiliates its easy to navigate.

those arent of course very good reasons , but understandable anyways.

having a standard sponsor software will always lead to troubles when you have a compromise like this .

Alienq invented hacking nats

Right on the fucking money. :2 cents:

Remember the TrafficHangar incident and how many have been affected?

Didnt see this thread at first, sorry...

Posted something similiar here as well:

http://www.gofuckyourself.com/showpo...&postcount=184

seems like a few sponsors would be glad to pipe in that their nats wasnt hacked unless everyone was hacked except those that banned nats employees access.

Epassporte hacks are usually someone using their Epassporte account password as their affiliate account password. The affiliate Db gets hacked and the hacker just has to trial and error his way through the DB...

Instant cash.

Then see where you bank if you are one of the wires types and use your password there too. Again.. easy money. Especially if the hacker can gain access to an account as the same bank... Transfer all your money with a few clicks...

Of course, every time this happens the guy who got fucked in the ass says he didn't use the same password. Yeah... Way to save face pall.. We all know you did. No use lying about it!

oh jesus christ does NATS really store the affiliate passwords in plain text for an admin access user to view? Tell me that's not true. Please, really. Can anyone confirm?

Brad

i dont know about usally but i'm sure it happens this way quite often , but prob just as often it is other things further down the line , like once they know your epass account name = (affilid+sponsorname) + users real email they have ALOT more to go on even if the passwords are different ( besides having all your personal info needed to steal your identity )

gotta wonder how the "head programmer" of nats lost his password :Oh crap

you would think that would be a pretty important password to lose when it means you can backdoor every nats sponsor and walk away with a kings ransom in data.

you would also think it would be a pretty hard thing to miss for so long , the head programmers master backdoor is compromised and nobody notices a thing . :Oh crap

Even if it's not plain text, it wouldn't take too long to brute force crack some common passwords such as 'coffee' or '12345'. As a bonus, they're probably the most likely people to use the same pass everywhere. :Oh crap

So, what I'm hearing is anyone using NATS who didn't disable TMM's access to their servers has the personal information of their entire user-base and affiliate-base compromised?

:Oh crap

Exactly!

Sounds like someone should be sueing Nats right about now.

Sorry I missed this before my first post in this thread... was kinda dumb-founded at the fact that I blew that thread off this morning as "another drama thread."

As of the last time we used NATS (a year ago), and as I can recall, all affiliate and user passwords, usernames, addresses, epass account names, etc. were stored in plain text.

:(

Someone please correct me if that's not the status quo.

Would this include banks and account numbers for wires/ACH? I'm just a tad worried that my company's banking information is sitting in the hands of a hacker right now. I'm hoping it's somehow protected though.

Also, what about stuff like SSN? My company uses a FEIN but I'm guessing some still use their SSN.

I'm in NO WAY saying Nat's are the one emailing the members... not at all. I think (to myself) with the answers we've seen here, it's pretty clear that John might be arrogant, but I doubt he's guilty of this one.

But having access to emailing 50 % + of the surfers paying for porn will bring a lot more money then $10 000. It's totally targetted surfers, the perfect list.

I'm sure lots of people could be willing to spend a tons of cash developping a technology to hack into that kind of data.

The webmaster epass stolen could also be explained.

my guess would be yes, if the account passwords were not encrypted then i dont know why they would encrypt the banking info.

besides if the password is there the hacker can just login with your account and see the banking info if its available in your settings.

doh!!!!!!!

NATS is fucked

it has so many flaws

why sponsors use it is beyond me.

No, members passes are cleartext by default. Affiliate passwords are two-way encrypted. What I don't understand is why the need for two-way encryption? To reset an affiliates pass if they forgot it in the backend is nothing, so 1-way encryption would have been far better. John posted in another thread that this is to be included in NATS4. Shame it wasn't sooner IMPO.

All I can say is SQL Injection.

Bang on the money.

They already have pending law suits.