NATS Security?
 

I am an affiliate of a program using NATS. My account has been hacked now twice. Once in November by that asshole in Canada and yesterday. Probably the same shitheel. Apparently a brute force password hack, although my password is 9 digits. The IP the hacker used is 162.219.176.58.

My question is, since I do not use NATS I don't know, does the NATS program have two factor login security? Does the NATS program allow the owner to limit login attempts? I should mention that I did not receive any notifications that there were account changes and I have them all set up.

Can someone just run a brute force attack on a NATS site until he gets a password? Oh, and by the way, my personal computer has not been hacked and the information did not come from me.

The real problem is all of my information is available now to the hacker including my social security number.

I would like to hear from the NATS people about their security solutions so I can inform this program how to tighten up their webmaster section.

maybe hacked email? if he reset pass, you dont need even know if he is fast. or bf is possible nats dont have ip blocking i think. stay safe :)

He didn't change anything this time. Last time he changed the payout name and address. Of course, I got a password reset sent to my email and got back in. I immediately received an email notifying of the password change. So go figure. Something is very wrong if someone can do as they please inside of a NATS affiliate page and I don't find out until I cannot login.

i mean, that if he is on your email, he can reset nats pass also. but if its only one program, it is more like the program is hacked :2 cents:

It really is kind of ridiculous that in 2014 NATS still shows the whole SSN rather than just the last four digits. It's stupid. Legally I'm not sure if it would qualify as negligence if a major incident occurred. Possibly?

I think it is hard to hack a Google email address, but I could be wrong. I think you are right about the program being hacked.

This is the same hacker fuck you can read about in this thread:
https://gfy.com/showthread.php?t=1124799

That's is a fact. Also there should be some serious security solutions available to webmasters that use NATS if only to protect affiliates. I suppose NATS will be along in this thread to explain. But, for the life of me, I cannot imagine, in this day and age, that some one can use a brute force password attack on a program like this and get my password. If in fact, that is how they got in.

Sent this thread to Vlad from TMM. Guess he will respond soon

I doubt he hacked account by using brute force attack than rather by hacking your computer, browser or email account...

I spoke to the program owner and he checked his server logs so no brute force attack. My computer and browsers have not been hacked. My email is handled by Google so doubtful that was hacked. I kept the password in my head. If the hacker requested a password reset, that would suggest he hacked my email address, but that has not happened. Any other ideas?

Chances are high the program is hacked and the owner knows it but does not care.

I can't imagine that. A hacker could bring down his whole operation just by redirecting affiliate payouts. I agree the program may be hacked, but the owner may not be aware of it or is denying it. At any rate, I have heard nothing of simple basic security features to protect affiliates using NATS. I think I will go back to depending on CCBill programs for my affiliate work. At least hackers can't get my personal information handed to them on a platter there.

xss .