|
NATS hacker?
Just got this email, can't remember ever making a sale with these guys, but thought I'd pass it on. I don't visit a lot of boards so I hadn't heard of it
Hi Dan, Dave from SterlingCash.com here - you may have already heard about the situation regarding a compromise of data from sponsors who use NATS. If not, it's all over the webmaster boards so if you want a very long read, I'm sure you know where to go. At this point it isn't clear if our data has been compromised or not, but we are going to assume it has and react accordingly. As far as we see it, the worst case scenario is that our affiliate and member databases have been accessed by a hacker using a NATS admin account which is reserved for use by the NATS tech team. We disabled this account as soon as this issue was brought to our attention, and we have changed passwords on our other admin accounts. The affiliate data we hold is the information you may have entered when you signed up with us: your name, address, email address, and your ePassporte account name (but NOT your ePass account password). The password for your Sterlingcash.com account is not available via the NATS admin interface, but it is encrypted on our server. It is therefore unlikely (but not impossible) that your Sterlingcash.com password has been decrypted, so we suggest that you change your password as soon as possible. It would also be wise to change the passwords you may have on any other online accounts if you are using the same username / password combination. Please note that we use an email validation system for any affiliate account changes - we ask that anyone who has received any unexpected account change verification emails contact us immediately. We will be working closely with the NATS techs on this issue and will be in touch again if there are any new developments or useful information we can pass on to you. Don't hesitate to contact me if you have any questions. Please accept my apologies for any inconvenience caused, and enjoy the holidays! Regards, |
I got one last night from another sponsor:
RagingBucks Affiliate: Due to the recent NATS exploit that has been brought to our attention, we would like to advise all of our affiliates to change the password they use for our affiliate program. If you use the same password for any other sites, such as epassporte, please change your password on all of those sites as well. This is a wide spread problem that affected many sponsors that use NATS. If you are an affiliate of any other sponsors that use NATS we would advise you to change the password you use for those sites as well. We are working with NATS to make sure a problem of this nature does not happen again in the future. Your privacy is of the most importances to us and we wanted to bring this matter to your attention. If you would like to read more about what has happened and NATS' public statement go to: http://www.gfy.com/showthread.php?t=793881 http://www.gfy.com/showthread.php?t=794219 If you have any questions please feel free to contact me. |
Fucking Nats!
|
Thanks for the heads up! Does that mean all nats sponsors have been compromised?
|
Fuck sake, nothing is ever safe. |club|
Thanks for the info. :) |
Quote:
It appears that TMM's internal database of these admin logins was compromised. The fact that this information was even web accessible is appalling. A serious fuck-up by TMM, compounded by the fact that they knew there was some kind of 'hacker' problem many months ago and failed to inform ALL of their clients. |club| I spent a fair amount of time yesterday checking my account info for all sponsors I've signed up with that use nats. Not exactly how I'd planned to spend several hours yesterday. |banghead| "Fucking Nats!" is right. I think CCBill's new cascading solution may have a few additional clients after this fiasco. |
I received one from Island Dollars as well.
I already hate NATS and this is just adding to it. I probably now need to go thru all fucking accounts and change passwords just to be safe. Hours of fucking joy joy. This may be the time I need to look at the poor converting NATS (nearly all) sponsors and remove them even if they owe me money. |banghead| |
Quote:
Changing your pass is a waste of time until the individual programs have taken the necessary steps to lock down their NATS admin. Being a long holiday weekend, I'm guessing that it will take some programs until the middle of the week to get this done. The ones that you've not heard from regarding this issue are the ones to be concerned about. If you use the same user/pass combos elsewhere, you'd best be changing all those passes too. Have a nice holiday |banghead| |
One of the thing that I do in case something like this happens is use a different user ID and password on each program.
|
Toby, did not think about the ones I have not heard from yet. Thanks for mentioning that. Either way, probably should check them all out and then will have to go back later when they lock their system down. Yep, a little extra cheer.
Thankfully I do not use the same user/pass combos. |
Quote:
|
i just got an email from jaymancsh about that nats issue.
|
Quote:
|
Quote:
|
Dear Webmasters,
It has just come to our attention that the NATS user admin login (software provider) that is stored may have been compromised. Your personal data is important to us and as a precaution, we suggest you change your fetishassets password. If you have any questions, or need any help doing this. Please email me at: mick@fetishassets.com and I will be happy to help. Kind regards, Mick Derbyshire. www.FetishAssets.com |banghead| |
Damn I hate this .... most of my sponsors use nats too |banghead|
|
I need to check my stats for nats sponsors now. I don't think i ever did any good with them and now may be the time to call it quits. As for user names and pw's i have to go check them all out because i haven't had a single email about this.
|
I'm one of those dumbasses who used variations of the same user/password combo so I switched all of my non-NATS passwords today, as well as those few NATS sites that I actually see checks from. I never liked their pain-in-the-ass interfaces anyways, and since they basically suck as far as earners go, I won't bother with them for any new ventures.
|
i'll second the notice from jaymancash, thank god i don't use many others.
killing my entire night checking sponsors :( |
What exactly is it that they can retrieve about me? There's nothing I give out to a nats sponsor that's too secret, I think. It's not fun, for sure, and a breach of my privacy, but I'm not sure how it can hurt me exactly.
I never use the same login/password for anything, so they can't access my epass or paypal accounts or my servers or anything. |
Dear Patrick,
As I am sure you are all aware by now either from monitoring webmaster communities or from multiple sponsor program e-mails there is a potential security breach issue involving all programs who use NATS software to manage their affiliate programs. We are not going to BS you and tell you that we are not affected by any of what is going on because the simple truth of the matter is that at this time we are unsure as to the effect this "breach" has had on our system. We can tell you that we do monitor our affiliate program very closely and have not noticed anything out of the ordinary at this point; however, it is not improbable that an issue could have occurred and has not been revealed to us at this point. We are working around the clock with NATS and our server company to review activity through our admin access and will notify you of any changes that come to light. We do, however, highly recommend that all affiliates take this opportunity to log in and change their login password to safeguard the security of your account. We recommend affiliates do this on a regular basis anyway but this situation gives us all a reminder to stay on top of password changes. As for our responsibility please be assured that we are working through the holidays to keeps tabs on this situation, we have already put IP blocks up and limited access to our admin area and continue to take all other safeguard measures recommended to maintain security of our affiliates and our program. Sincerely, Vegas & Angel MadMoolah.Com ICQ: 243-499-827 |
Quote:
|
I can only change three or four passwords before I feel like breaking something and go on to something else, at this rate it will be New Years by the time I'm done.
Fucking NATS is right |
Quote:
|
i think i just drop all nats sponsors, i dont like to change things and with all the info i have readed about nats now and before i think its no good to use them.
|
Quote:
This probably sucks if you have bank wire info in there (but doesn't that just go one way?), but other than that what else can they do? Between NATS and Epassporte it's amazing anyone stays in this business longer than the first month they start |
I just got e-mail from massivedollars.com -the same thing !
|
Quote:
Quote:
Go ahead , and try playing with my account. I bet I know a merc living not too far from you! 100s of sponsors, and a lot of them are NATs. This is going to take awhile.|angry| |
It sure would be nice if someone from NATS would address this issue on this board.
I refuse to wade through all the shit at GFY to see if they have addressed it there |
Quote:
It's up to each sponsor to in turn contact their affiliates with proper instructions. Some sponsors already had taken precautions that prevented unauthorized access to their NATS admin. Some that had not, don't show any evidence in their logs that there was any unauthorized access, and others do indeed know their admins were accessed and at the very least email addresses were taken. I've still not heard from over half of the NATS sponsors I'm signed up with. Those that I haven't heard from by Friday morning will be getting an email from me asking why. |
Quote:
If someone changes your payout - depends on your payout - yes, they may be trackable but the chances that you get your money back are slim. If they have your epassporte account and manage to get your password (not going to give ideas on possible ways to get that) but let's imagine they do, well your money will be gone and there's no way you'll be able to recover that. One way to help prevent that is that you all go into epassporte and apply the new security features they've put in place. If they have your banking details - there are ways they can get your money, all depends on how your bank works and the security measures they have in place. As for what is available - from what I see, it's your name, address, SSN (if you're in the US) and your payout method. If you are a foreign webmaster, the SSN isn't a concern. As for members - depends on the postback from billing companies but example - we only see name, email & postal code with one biller and only email & postal code with the other biller we use (the two billers we prominently use). No creditcard details are received by us, therefore, not stored on our servers - hence no possibility of it being compromised. **Hope that helps** |
Quote:
Thanks again |
Quote:
|
Quote:
**check if your email is updated - whitelist all your sponsors to be safe** |
Quote:
|
Hi Patrick,
There has been some recent concerns with some Nats security issues. We assure you we have always kept your infomation safe. We went through various webmaster accounts and made sure they weren't being accessed by any weird ip addresses and did not find anything. We took all recommended steps to close this exploit and prevent any data from being compromised as soon as this issue was found out. We are also taking extra steps now to make sure your information is secure. Also when we process payments we make sure the info has not changed and if it has we contact you. To be on the safe side we recommend that you log into your IntenseCash account and verify that all your data is correct and we suggest you change your password immediately. Please use a strong, random alphanumeric password that is unique. Many webmasters use the same password for all their sponsors. We advise you to never do this you should make each password unique to each program. If you want to keep it simple You can maybe use initials of the program like IntenseCash would be ic and throw them in your password somewhere. You could do this for each program and make it a bit easier to keep track of passwords. Be assured this issue is on the top of our priority list and we have been following everything very closely. Please visit our message board Gay Main Street if you want to follow this issue more closely. You can also contact us with any concerns or questions you may have. Thanks for your cooperation in this matter. Thanks, IntenseCash Crew URL - http://www.intensecash.com MESSAGE BOARD - http://www.gaymainstreet.com EMAIL - mark@intensecash.com ICQ - 191604661 |
I've read alot about how a hacker could have access to logins/passwords and banking info but does anyone know if they had access to affiliate addresses and SS#'s? I haven't seen anything about that anywhere and that's what scares me the most.
|
Quote:
|
Yes, but I never saw a sponsor asking for your bank info there. Basically, I wouldn't give a sponsor any info that I deem to be too sensitive because, well, you never know, anything can be hacked these days.
|
| All times are GMT -4. The time now is 10:18 AM. |
Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
© Greenguy Marketing Inc