Quote Originally Posted by gaystoryman View Post
Let me preface this with a simply disclaimer. I am not a program owner. NATS and the other stuff is all Greek to me. However I am an affiliate of sponsors who do use NATS, among others.

It also seems that some webmasters are unperturbed by the whole NATS issue, while other's are nearing a state of declaring all out war. Name calling, useless threads about who said what, or is doing what simply makes the issue more obscure and confusing, so could someone, without disdain explain a few things to a simple blond old man, like me?


1. What information has been put at risk? One thread said name, address, and email, but others are claiming far more, such as SSN and perhaps even banking information.

So to begin with, has there been any reported, verified, incidents of such information being obtained? Is someone getting tons of extra spam, or has their banking information been compromised?

2. How can I, as an affiliate determine if my sponsor is indeed using NATS?

3. Have any actual program owners reported break ins, where information MIGHT have been obtained? I know, that's a tough one, but has any program owner made public a claim that such an action might have happened?

4. Now I am not asking for evidence to take to court, because by then it would be too late, but is there anything other than a report of 'what might happen' if such and such isn't changed in the admin?

5. As an affiliate, what steps are there in place by program owners now, to insure that my information is secure? I read Luke's thread, but am wondering, should I be contacting the program owners, or should they be contacting me?

6. There is talk about some 'back door' exploit, but how do I know if any other similar programs are subject to this exploit, as is currently happening to NATS?

I am just the poor schmuck who tries to eek out a living off your product, so I wonder, does it even effect me, or is this just something you get to agonize over, and if not, why isn't there more hard evidence being discussed? Or is it that many sponsors are simply ignoring the issue, or refusing to discuss it for some unknown fear or phobia?

Now I know, hard evidence is not always easy to get. However, there was fairly clear evidence that the Japanese were going to attack the USA, and no one quite bought into that, until December 7. Kind of too late then, so I am not asking for such proof, but more of why some are so worried, what authentication is there that this 'break down' has created danger? Have sponsors not closed the holes, or does anyone know?

an interested third party. :morning:



1. What information has been put at risk?
Confirmed Risks : Early reports suggest that the vulnerability exposed administrator credentials for the NATS system. If exploited, attackers could potentially access:
Affiliate names, email addresses, and physical addresses.
Financial details (such as payment methods or banking info) stored for affiliate payouts.
Sensitive program data, including user activity logs and potentially SSNs for tax purposes in some regions.
Verified Incidents : While specific cases of compromised information remain largely unconfirmed, there is credible concern based on reports of vulnerabilities in unsecured servers hosting NATS. Spam or targeted phishing could arise from exposed email data, and worst-case scenarios involve misuse of banking or payment details.
2. How can I determine if my sponsor uses NATS?
Look for NATS branding in affiliate program dashboards (login pages or footers often display "Powered by NATS").
Ask your program contact directly if they use NATS for tracking and affiliate management.
Review affiliate documentation or payment instructions for references to NATS.
3. Have any program owners reported break-ins?
Public Statements : Few p
What We Know : Reply
4. What evidence supports these concerns?
The vulnerability is based on credible claims about
Consider
5. What steps are program owners taking to secure their information?
Program Owners' Actions :
Patchin
Enforcing strong pass
M
What You Can Do :
Co
Req
Review payment
6. What about similar programs and backdoor exploits?
The "backdoor" refers
As a
Does this issue affect you?
Yes, potentially. Here's why:

Data Exposure : If your information is p
Revenue Impact: If programs face
Why the worry and lack of evidence?
Some program owners
The lake
Final Thoughts
Your concerns as an affiliate are entirely valid. While sponsors are primarily responsible for securing their systems, proactive communication from your side can h

Iden
Asking direct questions abo
S
Think of this as a wake-up call to improve transparency and security in the affiliate