How Do You Feel About ID Theft And NATs?

[Lee]

Well it seems like NATs maybe isnt the great affiliate program it has been made out to be, i got a phone call earlier telling me to check out GFY about the thread detailing how affiliate programs using NATs could be accessed by someone and all affiliate and surfer data could be stolen.

How many of you folks use programs that utilize NATs and how concerned are you that your personally identifiable data could have been compromised?

For anyone wanting to follow this 'as it happens' here is the thread on GFY:
http://www.gfyboard.com/showthread.php?t=793881

I remember saying a couple of years back on GFY that NATs shouldnt be trusted 100% as data and shave proof but everyone laughed when i said it, now it would appear 2 years on, i was right.

Of course the much bigger issue now, with TMM also now owning SegPay, how much of the data availble in the SP database is also vunerable, customer accounts, social security numbers, webmaster names and addresses etc.

Regards,

Lee

[gaybucks_chip]

We use NATS.

From what I understand, a very large number, if not all NATS programs (including ours) were affected. As soon as we became aware of the issue (today), we followed the instructions to lock down our NATS program.

The really irritating thing is that TMM has known about this issue for months, but claims they "thought it was limited to a few users" and they threatened to sue OC3 networks (which OC3 told them to fuck off), and then OC3's customers (who asked OC3 to stop) when OC3 started publicly speaking about the issue several months ago.

To be fair to TMM, from everything I've read and understand, there is absolutely no connection between Segpay's systems and the nature of the exploit in NATS, so I would very seriously doubt there is any possible way that any Segpay data could be compromised... it would be no more likely than, for example, CCBill or Epoch data (neither of which is kept in NATS) being compromised.

Nonetheless, this is a very, very serious problem, further compounded by the longstanding lack of transparency and arrogance on the part of TMM.
There's some pretty serious groveling going on over on GFY -- TMM must have either gotten the fear of God in them, or else hired a crisis PR firm, because I've never seen anything remotely this conciliatory and humble from them ever before.

Only time will tell what the outcome is. Once again, the problem itself is forgiveable; every company has hacks and exploits, but what seems to be most upsetting to people is the fact that TMM knew about this problem and didn't notify anyone, and further threatened to sue someone (OC3) who had done extensive research and identified the problems and attempted to bring them to the attention of both TMM and the adult community.

[jIgG]

nats deserves to be sued out of existence if they knew of this for months. fuck em

i might get one of those credit monitoring thingies
or just freeze my credit

[Chilihost]

Yeah, I agree. I am a huge fan of NATS but if they really did know since August and did not give all NATS users a heads-up email, then they deserve to be sued.

[Squirt]

TMM knew of this issue since October 2006

http://www.gfy.com/showthread.php?t=671565

PBucks response on this thread in October 2006 was:

"Could be a NATS exploit, could be a hacker targetting NATS users and hacking with general random hacks just to get on the box then fucking with things.

We're looking into it with everyone involved."

So wouldn't anyone who purchased NATS between now and October 2006, that was not notified by NATS of the known vulnerability at time of purchase, have grounds for a class action lawsuit?

Surely it wouldn't take them 1 year and 2 months to still be "looking into it" right?

I hope, for those using NATS, that CCBill rolls out their cascading billing solution soon :thumbsup: