Too Much Media Comments on NATS Security Breach - GoFuckYourself.com

DVTimes · 12-24-2007, 08:48 PM

http://www.xbiz.com/news/88230

FREEHOLD, NJ ? Too Much Media, creators of the NATS affiliate tracking software, confirmed that the company has been the victim of a security breach through which an unspecified number of NATS clients? data also has been compromised.
?We have been made aware that we may have been a victim of a security breach in which access was made to one of our servers,? Too Much Media co-founder John Albright told XBIZ. ?It appears that certain non-unique usernames and passwords we maintained for administrative support of our clients were compromised.?

Albright said that in light of the breach, ?all passwords have been changed and passwords will be no longer be maintained by TMM.?

According to Albright, no credit card information was at risk due to the breach, and that ?preliminary indications are that the hacker was after email lists.?

Asked how long TMM had been aware of the breach, Albright said that there had been a ?lot of misrepresentation [as] to this,? but verified that the company did ?become aware of an issue a few months ago.?

?We had determined what we at the time thought to be the extent of it and notified those who were affected,? Albright said. ?Also, as a precaution, we changed all of the admin passwords we maintained regardless of whether we had an indication they had been compromised or not. As soon as we became aware of the issue being more widespread we immediately contacted all of our clients and took the actions mentioned previously.?

Albright took exception to the notion that the company had not notified its clients in a timely fashion, and defended the company?s actions as being appropriate given the perceived degree of the breach?s severity at the time it was first discovered.

?This is something being misrepresented by people,? Albright said. ?We take our security and the security of our clients very seriously. [W]e contacted everyone we thought had been affected when we first knew of the issue and we contacted all clients as soon as we learned the issue was more widespread.?

Asked what NATS clients should do in the short term to improve security on their end, Albright said TMM is ?recommending all clients utilize the admin IP restriction feature which has been available in NATS for some time.?

?Many clients had already taken advantage of this and other security features in NATS and were not affected by this breach,? Albright said, adding that TMM has been in touch with their clients in order to gather information and to advise their clients about what steps to take.

?We have asked via statements, emails to clients, and news items posted in the NATS admin news and on our website that people submit a support ticket so we may advise them of the best actions to take,? Albright said. ?We have also taken actions on our end to change all passwords to any installs which may have been compromised and we are no longer maintaining those passwords. We have modified our policy to no longer keep any passwords of any sort. Clients will need to grant us access to their install when any work is to be performed.?

Albright said that an investigation is now underway to determine ?the exact cause and level of the security breach.?

?TMM intends to prosecute to the fullest extent possible anyone responsible for any breach of its servers and programs,? Albright said.

In a statement issued over the weekend, Albright said that his company?s handling of the situation had not been ideal and apologized for not taking more extensive action sooner, but attributed its limited actions to the fact that TMM was not aware of the full scope of the problem.

?If we had known that the issue was more widespread we would have without question contacted everyone,? Albright said in the statement. ?We did not believe at the time it was a widespread issue. Again, this was a mistake on our part and I apologize to everyone for it. I was not trying to put blame on our clients for this and I'm sorry if I was taken that way. I was simply trying to point out the various possibilities as to what may have been going on while we were investigating it. This is not our [clients?] fault in any way.?

AlienQ - BANNED FOR LIFE · 12-24-2007, 08:48 PM

Marry Xmas!

notoldschool · 12-24-2007, 08:49 PM

Ho Ho Ho. Merry Xmas.

madfuck · 12-24-2007, 08:58 PM

merry xmas!!!

DVTimes · 12-24-2007, 08:58 PM

yes

merry xmass

DVTimes · 12-24-2007, 09:03 PM

my xmass thread

http://www.gfy.com/fucking-around-and-business-discussion/794655-merry-xmass-happy-card-thingy.html

kovacs · 12-24-2007, 09:04 PM

so what does this mean? i have to change all my nats passwords and check all my details at all the nats programs i use?

minusonebit · 12-24-2007, 09:08 PM

Aww, what a shame they didn't use the press release I sent them. Mine wasn't full of so much posturing and trying to prop up the name of John's two-bit, good for nothing, ain't worth a shit company.

tical · 12-24-2007, 09:36 PM

i'm willing to bet this 'breach' went on for a LOT longer

after nats was installed for amateurwealth.com (LONG ago) before we even went live i was getting spammed to my test transaction email addresses (catchall emails that were never used before)

i doubt we were hacked, we hadn't even announced anything at that point

wouldn't be suprised if it was the same issue

Iron Fist · 12-24-2007, 09:41 PM

I feel bad for John... guy is having probably the worst Christmas of his whole life... I know he fucked up, but man, this could not of happened at a worse time.

ninavain · 12-24-2007, 10:21 PM

merry christmas

DVTimes · 12-24-2007, 10:48 PM

merry xmas!!!

minusonebit · 12-24-2007, 10:52 PM

Quote:

Originally Posted by sharphead

I feel bad for John... guy is having probably the worst Christmas of his whole life... I know he fucked up, but man, this could not of happened at a worse time.

He made his bed, set it on fire, now its time for him to lay in it.

amateurcanada · 12-24-2007, 11:15 PM

Still a fine piece of software.

SmokeyTheBear · 12-24-2007, 11:23 PM

Quote:

Originally Posted by tical

i'm willing to bet this 'breach' went on for a LOT longer

after nats was installed for amateurwealth.com (LONG ago) before we even went live i was getting spammed to my test transaction email addresses (catchall emails that were never used before)

i doubt we were hacked, we hadn't even announced anything at that point

wouldn't be suprised if it was the same issue

me neither , many many webmasters have brought it up over the last 2 years about nats , but it was always the same story . " must be you not us"

kovacs · 12-24-2007, 11:24 PM

it's a real pity that this industry is run by thieves and frauds

DigitalPimp · 12-24-2007, 11:35 PM

Quote:

Originally Posted by kovacs

so what does this mean? i have to change all my nats passwords and check all my details at all the nats programs i use?

Been wondering the same thing. Anyone know if the part of NATS that got hacked was affiliate data or member data or both or all or what?

Odin · 12-24-2007, 11:39 PM

Quote:

Originally Posted by SmokeyTheBear

me neither , many many webmasters have brought it up over the last 2 years about nats , but it was always the same story . " must be you not us"

Whoever it was made a fortune on it. Big big business in having that kind of access to that many member databases.

DVTimes · 12-25-2007, 05:56 AM

merry xmass

RAM · 12-25-2007, 05:59 AM

Happy Christmass and Merry New Years !!!
Many Cumshots...is all we can hope for

Paul Markham · 12-25-2007, 06:13 AM

Quote:

Asked how long TMM had been aware of the breach, Albright said that there had been a ?lot of misrepresentation [as] to this,? but verified that the company did ?become aware of an issue a few months ago.?

?We had determined what we at the time thought to be the extent of it and notified those who were affected,? Albright said. ?Also, as a precaution, we changed all of the admin passwords we maintained regardless of whether we had an indication they had been compromised or not. As soon as we became aware of the issue being more widespread we immediately contacted all of our clients and took the actions mentioned previously.?

Albright took exception to the notion that the company had not notified its clients in a timely fashion, and defended the company?s actions as being appropriate given the perceived degree of the breach?s severity at the time it was first discovered.

?This is something being misrepresented by people,? Albright said. ?We take our security and the security of our clients very seriously. [W]e contacted everyone we thought had been affected when we first knew of the issue and we contacted all clients as soon as we learned the issue was more widespread.?

Did they notify clients they thought were at risk when they first found out about this and if so who are they? These clients could save John from a lot of grief and I'm sure some will step up to the plate for him and tell us they were notified three months ago.

Or did they just fix it for the ones who notified them of the compromise and tell them how to fix it?

As for being a shit Xmas for him, not as shit as it is for some of his clients.

tical · 12-25-2007, 10:53 AM

Quote:

Originally Posted by SmokeyTheBear

me neither , many many webmasters have brought it up over the last 2 years about nats , but it was always the same story . " must be you not us"

that is the same thing they said to us, heh

Paul Markham · 12-25-2007, 11:07 AM

Double post/.

notoldschool · 12-25-2007, 11:10 AM

Quote:

Originally Posted by Paul Markham

Double post/.

havent you figured out in the past years that NOONE cares what you think?

Azoy? · 12-25-2007, 12:54 PM

Quote:

Originally Posted by allanuk

http://www.xbiz.com/news/88230

FREEHOLD, NJ ? Too Much Media, creators of the NATS affiliate tracking software, confirmed that the company has been the victim of a security breach through which an unspecified number of NATS clients? data also has been compromised.
?We have been made aware that we may have been a victim of a security breach in which access was made to one of our servers,? Too Much Media co-founder John Albright told XBIZ. ?It appears that certain non-unique usernames and passwords we maintained for administrative support of our clients were compromised.?

Albright said that in light of the breach, ?all passwords have been changed and passwords will be no longer be maintained by TMM.?

According to Albright, no credit card information was at risk due to the breach, and that ?preliminary indications are that the hacker was after email lists.?

Asked how long TMM had been aware of the breach, Albright said that there had been a ?lot of misrepresentation [as] to this,? but verified that the company did ?become aware of an issue a few months ago.?

?We had determined what we at the time thought to be the extent of it and notified those who were affected,? Albright said. ?Also, as a precaution, we changed all of the admin passwords we maintained regardless of whether we had an indication they had been compromised or not. As soon as we became aware of the issue being more widespread we immediately contacted all of our clients and took the actions mentioned previously.?

Albright took exception to the notion that the company had not notified its clients in a timely fashion, and defended the company?s actions as being appropriate given the perceived degree of the breach?s severity at the time it was first discovered.

?This is something being misrepresented by people,? Albright said. ?We take our security and the security of our clients very seriously. [W]e contacted everyone we thought had been affected when we first knew of the issue and we contacted all clients as soon as we learned the issue was more widespread.?

Asked what NATS clients should do in the short term to improve security on their end, Albright said TMM is ?recommending all clients utilize the admin IP restriction feature which has been available in NATS for some time.?

?Many clients had already taken advantage of this and other security features in NATS and were not affected by this breach,? Albright said, adding that TMM has been in touch with their clients in order to gather information and to advise their clients about what steps to take.

?We have asked via statements, emails to clients, and news items posted in the NATS admin news and on our website that people submit a support ticket so we may advise them of the best actions to take,? Albright said. ?We have also taken actions on our end to change all passwords to any installs which may have been compromised and we are no longer maintaining those passwords. We have modified our policy to no longer keep any passwords of any sort. Clients will need to grant us access to their install when any work is to be performed.?

Albright said that an investigation is now underway to determine ?the exact cause and level of the security breach.?

?TMM intends to prosecute to the fullest extent possible anyone responsible for any breach of its servers and programs,? Albright said.

In a statement issued over the weekend, Albright said that his company?s handling of the situation had not been ideal and apologized for not taking more extensive action sooner, but attributed its limited actions to the fact that TMM was not aware of the full scope of the problem.

?If we had known that the issue was more widespread we would have without question contacted everyone,? Albright said in the statement. ?We did not believe at the time it was a widespread issue. Again, this was a mistake on our part and I apologize to everyone for it. I was not trying to put blame on our clients for this and I'm sorry if I was taken that way. I was simply trying to point out the various possibilities as to what may have been going on while we were investigating it. This is not our [clients?] fault in any way.?

And now, the end is near,
And so I face the final curtain...........................

Paul Markham · 12-25-2007, 02:14 PM

Quote:

Originally Posted by notoldschool

havent you figured out in the past years that NOONE cares what you think?

Noone or no one?

You seem to care enough to post.

borked · 12-25-2007, 03:39 PM

sod it - 8chars

DVTimes · 12-31-2007, 10:40 AM

Bump......................

12-24-2007, 08:48 PM	#1
DVTimes xxx Industry Role: Join Date: Jun 2003 Location: UK Posts: 31,544	Too Much Media Comments on NATS Security Breach http://www.xbiz.com/news/88230 FREEHOLD, NJ ? Too Much Media, creators of the NATS affiliate tracking software, confirmed that the company has been the victim of a security breach through which an unspecified number of NATS clients? data also has been compromised. ?We have been made aware that we may have been a victim of a security breach in which access was made to one of our servers,? Too Much Media co-founder John Albright told XBIZ. ?It appears that certain non-unique usernames and passwords we maintained for administrative support of our clients were compromised.? Albright said that in light of the breach, ?all passwords have been changed and passwords will be no longer be maintained by TMM.? According to Albright, no credit card information was at risk due to the breach, and that ?preliminary indications are that the hacker was after email lists.? Asked how long TMM had been aware of the breach, Albright said that there had been a ?lot of misrepresentation [as] to this,? but verified that the company did ?become aware of an issue a few months ago.? ?We had determined what we at the time thought to be the extent of it and notified those who were affected,? Albright said. ?Also, as a precaution, we changed all of the admin passwords we maintained regardless of whether we had an indication they had been compromised or not. As soon as we became aware of the issue being more widespread we immediately contacted all of our clients and took the actions mentioned previously.? Albright took exception to the notion that the company had not notified its clients in a timely fashion, and defended the company?s actions as being appropriate given the perceived degree of the breach?s severity at the time it was first discovered. ?This is something being misrepresented by people,? Albright said. ?We take our security and the security of our clients very seriously. [W]e contacted everyone we thought had been affected when we first knew of the issue and we contacted all clients as soon as we learned the issue was more widespread.? Asked what NATS clients should do in the short term to improve security on their end, Albright said TMM is ?recommending all clients utilize the admin IP restriction feature which has been available in NATS for some time.? ?Many clients had already taken advantage of this and other security features in NATS and were not affected by this breach,? Albright said, adding that TMM has been in touch with their clients in order to gather information and to advise their clients about what steps to take. ?We have asked via statements, emails to clients, and news items posted in the NATS admin news and on our website that people submit a support ticket so we may advise them of the best actions to take,? Albright said. ?We have also taken actions on our end to change all passwords to any installs which may have been compromised and we are no longer maintaining those passwords. We have modified our policy to no longer keep any passwords of any sort. Clients will need to grant us access to their install when any work is to be performed.? Albright said that an investigation is now underway to determine ?the exact cause and level of the security breach.? ?TMM intends to prosecute to the fullest extent possible anyone responsible for any breach of its servers and programs,? Albright said. In a statement issued over the weekend, Albright said that his company?s handling of the situation had not been ideal and apologized for not taking more extensive action sooner, but attributed its limited actions to the fact that TMM was not aware of the full scope of the problem. ?If we had known that the issue was more widespread we would have without question contacted everyone,? Albright said in the statement. ?We did not believe at the time it was a widespread issue. Again, this was a mistake on our part and I apologize to everyone for it. I was not trying to put blame on our clients for this and I'm sorry if I was taken that way. I was simply trying to point out the various possibilities as to what may have been going on while we were investigating it. This is not our [clients?] fault in any way.? __________________ The Affiliate Program

12-24-2007, 08:48 PM	#2
AlienQ - BANNED FOR LIFE best designer on GFY Join Date: Mar 2003 Location: IALIEN.COM - High Definition Video and Photographic Productions -ICQ 78943384 Posts: 30,307	Marry Xmas! __________________ NAKED HOSTING FTW!11 I'm On The INSANE PLAN $9.95/mo! \| The Alien Blog Adult News Worth Reading Updated Daily \| Content For Sale! 641 PICS 216 MINUTES OF VIDEO $350.00 \|ICQ: 78943384 \|

12-24-2007, 08:49 PM	#3
notoldschool Confirmed User Join Date: Aug 2007 Posts: 5,687	Ho Ho Ho. Merry Xmas. __________________ No doubt one may quote history to support any cause, as the devil quotes scripture. -- Learned Hand http://www.bjpenn.com

12-24-2007, 08:58 PM	#5
DVTimes xxx Industry Role: Join Date: Jun 2003 Location: UK Posts: 31,544	yes merry xmass __________________ The Affiliate Program

12-24-2007, 09:03 PM	#6
DVTimes xxx Industry Role: Join Date: Jun 2003 Location: UK Posts: 31,544	my xmass thread http://www.gfy.com/fucking-around-and-business-discussion/794655-merry-xmass-happy-card-thingy.html __________________ The Affiliate Program

12-24-2007, 08:58 PM	#4
madfuck Registered User Join Date: Oct 2004 Posts: 2,032	merry xmas!!!

12-24-2007, 09:04 PM	#7
kovacs So Fucking Banned Join Date: Nov 2007 Posts: 248	so what does this mean? i have to change all my nats passwords and check all my details at all the nats programs i use?

12-24-2007, 09:08 PM	#8
minusonebit So Fucking Banned Join Date: Feb 2006 Location: [email protected] Posts: 7,391	Aww, what a shame they didn't use the press release I sent them. Mine wasn't full of so much posturing and trying to prop up the name of John's two-bit, good for nothing, ain't worth a shit company.

12-24-2007, 09:36 PM	#9
tical Confirmed User Join Date: Feb 2002 Location: Las Vegas Posts: 6,504	i'm willing to bet this 'breach' went on for a LOT longer after nats was installed for amateurwealth.com (LONG ago) before we even went live i was getting spammed to my test transaction email addresses (catchall emails that were never used before) i doubt we were hacked, we hadn't even announced anything at that point wouldn't be suprised if it was the same issue __________________ 112.020.756

12-24-2007, 09:41 PM	#10
Iron Fist Too lazy to set a custom title Join Date: Dec 2006 Posts: 23,400	I feel bad for John... guy is having probably the worst Christmas of his whole life... I know he fucked up, but man, this could not of happened at a worse time. __________________ i like waffles

12-24-2007, 10:21 PM	#11
ninavain So Fucking Banned Industry Role: Join Date: Jan 2004 Location: Las Vegas Posts: 6,268	merry christmas

12-24-2007, 10:48 PM	#12
DVTimes xxx Industry Role: Join Date: Jun 2003 Location: UK Posts: 31,544	merry xmas!!! __________________ The Affiliate Program

12-24-2007, 11:15 PM	#14
amateurcanada Confirmed User Industry Role: Join Date: Jul 2001 Posts: 3,766	Still a fine piece of software. __________________ be our partner - join nichepartners today will.assum.producer @ AmateurCanada.com / icq: 30146166 / facebook.com/will.assum / #amateurcanada

12-24-2007, 11:24 PM	#16
kovacs So Fucking Banned Join Date: Nov 2007 Posts: 248	it's a real pity that this industry is run by thieves and frauds

12-25-2007, 05:56 AM	#19
DVTimes xxx Industry Role: Join Date: Jun 2003 Location: UK Posts: 31,544	merry xmass __________________ The Affiliate Program

12-25-2007, 05:59 AM	#20
RAM They're all hookers, but mom! Industry Role: Join Date: Jan 2001 Location: Right now Shelby Twp MI Posts: 7,047	Happy Christmass and Merry New Years !!! Many Cumshots...is all we can hope for __________________ RAM Fucking Machines are like CASH MACHINES See RAM on these quality sites!! Rightofftheboat.com EuroBrideTryouts.com

12-25-2007, 11:07 AM	#23
Paul Markham Too old to care Industry Role: Join Date: Jun 2001 Location: On the sofa, watching TV or doing my jigsaws. Posts: 52,943	Double post/. __________________ Blowout deal. 880 videos, 2,400 image sets, plus many RAW videos. $500. PM me for a deal. Skype Paulmarkham70 Last edited by Paul Markham; 12-25-2007 at 11:09 AM..

12-25-2007, 03:39 PM	#27
borked Totally Borked Industry Role: Join Date: Feb 2005 Posts: 6,284	sod it - 8chars __________________ For coding work - hit me up on andy // borkedcoder // com (consider figuring out the email as test #1) All models are wrong, but some are useful. George E.P. Box. p202 Last edited by borked; 12-25-2007 at 03:42 PM..

12-31-2007, 10:40 AM	#28
DVTimes xxx Industry Role: Join Date: Jun 2003 Location: UK Posts: 31,544	Bump...................... __________________ The Affiliate Program