NATS AFFILIATES: In here now please...
 

So as a result of this whole mess, I've begun the process of changing my passwords with all the various programs I promote for on the NATs platform...

One thing that's driving me nuts, is SOME SPONSORS are giving me this message:

IMPORTANT
Your edit-request was accepted. We have e-mailed you with the details of the change so that you can verify it again. Your changes will NOT take effect until you have oked them.

You will find a link to do this in the e-mail we have sent you.

Now this is cool... on the majority of the sponsors i'm changing passwords on, all i'm getting is just this:

Your information has been updated!

No e-mail, no notification that someone changed anything in my affiliate account - NOTHING.

I can not believe sponsors have their affiliate modules set up like that! :mad::mad::mad:

The other thing that is annoying me is some sponsors (well ok, just 1 sponsor so far) appear to not have their email set up properly, so I'm unable to get the email to verify the password change. Annoying. What a fun night I'm having. Thanks, NATS.

Also

Have people noticed that the 'members' link on alot of nats tours is a huge traffic leak?? I just hit up 5 programs and all of them swap out my id for an inhouse id on the 'members' login page. :disgust

NATS codes are plain-text but encoded in base64. Decode it to see what's going on. They may be simple swapping out a siteid, while your affiliate id remains the same.

this is serious

It's pretty much useless to change your NATS passwords now as an affiliate until you "know" that that program has fixed their NATS install. Otherwise the hacker will just get your new info.

I like that the changes have to be approved by someone with access to the email address you used when you signed up.
I think whenever any payment information is changed there should be another additional step too.

Lucky for me, even if sponsors I do use were hacked, all they're going to find is a business tax id # and a post office box address.
Yet another good reason to set yourself up as a proper business.

If you have any additional feedback on the changing of info as to what additional steps you would like to see please shoot me an email to albright[]toomuchmedia.com We are adding to these features in NATS v4 and any input is appreciated.

Better than the ones that send the Email but you never get it... Why?

Because your ISP banned them for spamming... haha... uhhh

John, what about what crockett said ? will it be useless in your opinion taking note you know the most about this issue ?

you don't get it, do you ?
someone, lets say an hacker has access to NATS systems and is downloading the entire database of both affiliates and members.

the hacker can take your *new* password an hour or a day after you change it when he again runs the script the steals the database.
get it now ?
until the access is blocked - you;'re fucked.

This will unfortunately go over a lot of peoples head. There is absolutely no point changing your passwords until you know for sure that the problem is fixed.

Like Naja says, they can just come right back in and get your new password. Thing I would do is change all your important passwords if they are remotely similair to your sponsors password. Epass, digital banking etc etc...

this has little to do with nats IMO
this is how most programs steal your traffic.
this is the oldest traffic leak around.

it accounts for as much as 5% of initial sales.
the 5% # is solely based on one program where we're able to track these sales.

That is why I am waiting to make the changes. No need for someone to get another set of my passwords.

Having the same password for all or even 2 of your accounts is just silly. Get a black book and make every site a different password. Yes, its a pain in the ass but is safer then having them all the same.

My 2c worth.

this password updating is going to take me hours :( :helpme

Beyond changing your passwords, you need to set up different e-mail addresses so you can track the people who sell your info. For example

[email protected]
[email protected] :winkwink:

or more importantly

[email protected]
[email protected]
[email protected]

etc..

Then when you start getting hit with all kinds of spam shit. You can track down who is selling your shit off, and eliminate them, then post on GFY about it.

:2 cents:

EDIT: later...

lol, barefuootsies, good idea (using darkjedi) haha

:winkwink:

but how will we know the problem is fixed ? i'm not sure if it's the sponsors that need to fix this security hole or NATS. I hope the sponsors notify their affiliates about when it's fixed...

looks like the affiliate are the least important in this whole issue...no one cares about them and their privacy