NATS hacker?

[Charlie]

Quote:

Originally Posted by tigermom

What exactly is it that they can retrieve about me? There's nothing I give out to a nats sponsor that's too secret, I think. It's not fun, for sure, and a breach of my privacy, but I'm not sure how it can hurt me exactly.

I never use the same login/password for anything, so they can't access my epass or paypal accounts or my servers or anything.

Did anyone answer this? I'd like to know this too. If they change my payout info to someplace they can get my money, then I figure they can be easily tracked.

This probably sucks if you have bank wire info in there (but doesn't that just go one way?), but other than that what else can they do?

Between NATS and Epassporte it's amazing anyone stays in this business longer than the first month they start

[pc]

I just got e-mail from massivedollars.com -the same thing !

[tickler]

Quote:

Originally Posted by Useless Warrior

I'm not overly concerned if some devious fucker logs in and changes my payout info. |shocking|

Quote:

Originally Posted by Charlie

If they change my payout info to someplace they can get my money, then I figure they can be easily tracked.

|shot|pcwins|
Go ahead , and try playing with my account.
I bet I know a merc living not too far from you!

100s of sponsors, and a lot of them are NATs. This is going to take awhile.

[T Pat]

It sure would be nice if someone from NATS would address this issue on this board.
I refuse to wade through all the shit at GFY to see if they have addressed it there

[Toby]

Quote:

Originally Posted by T Pat

It sure would be nice if someone from NATS would address this issue on this board.
I refuse to wade through all the shit at GFY to see if they have addressed it there

At this point the damage is done, there's not much TMM can do for individual affiliates of sponsors using their NATS software. They've contacted each of those sponsors with instructions on how to lock down their NATS admin, and they've deleted their own list of admin passes that was hacked (they'll now need a temp account created by each sponsor any time they need access to update/maintain the software).

It's up to each sponsor to in turn contact their affiliates with proper instructions. Some sponsors already had taken precautions that prevented unauthorized access to their NATS admin. Some that had not, don't show any evidence in their logs that there was any unauthorized access, and others do indeed know their admins were accessed and at the very least email addresses were taken.

I've still not heard from over half of the NATS sponsors I'm signed up with. Those that I haven't heard from by Friday morning will be getting an email from me asking why.

[Trixxxia]

Quote:

Originally Posted by Charlie

Did anyone answer this? I'd like to know this too. If they change my payout info to someplace they can get my money, then I figure they can be easily tracked.

This probably sucks if you have bank wire info in there (but doesn't that just go one way?), but other than that what else can they do?

Between NATS and Epassporte it's amazing anyone stays in this business longer than the first month they start

Charlie,
If someone changes your payout - depends on your payout - yes, they may be trackable but the chances that you get your money back are slim.

If they have your epassporte account and manage to get your password (not going to give ideas on possible ways to get that) but let's imagine they do, well your money will be gone and there's no way you'll be able to recover that. One way to help prevent that is that you all go into epassporte and apply the new security features they've put in place.

If they have your banking details - there are ways they can get your money, all depends on how your bank works and the security measures they have in place.

As for what is available - from what I see, it's your name, address, SSN (if you're in the US) and your payout method. If you are a foreign webmaster, the SSN isn't a concern.

As for members - depends on the postback from billing companies but example - we only see name, email & postal code with one biller and only email & postal code with the other biller we use (the two billers we prominently use). No creditcard details are received by us, therefore, not stored on our servers - hence no possibility of it being compromised.

**Hope that helps**

[Charlie]

Quote:

Originally Posted by Trixxxia

Charlie,
If someone changes your payout - depends on your payout - yes, they may be trackable but the chances that you get your money back are slim.

If they have your epassporte account and manage to get your password (not going to give ideas on possible ways to get that) but let's imagine they do, well your money will be gone and there's no way you'll be able to recover that. One way to help prevent that is that you all go into epassporte and apply the new security features they've put in place.

If they have your banking details - there are ways they can get your money, all depends on how your bank works and the security measures they have in place.

As for what is available - from what I see, it's your name, address, SSN (if you're in the US) and your payout method. If you are a foreign webmaster, the SSN isn't a concern.

As for members - depends on the postback from billing companies but example - we only see name, email & postal code with one biller and only email & postal code with the other biller we use (the two billers we prominently use). No creditcard details are received by us, therefore, not stored on our servers - hence no possibility of it being compromised.

**Hope that helps**

Yes, it does. Thanks. Sounds like the biggest threat would be them getting into your epass account since names and social security numbers aren't very hard to get without going to these methods.

Thanks again

[lassiter]

Quote:

Originally Posted by Toby

I've still not heard from over half of the NATS sponsors I'm signed up with. Those that I haven't heard from by Friday morning will be getting an email from me asking why.

I understand it's holiday break, but JaymanCash is the ONLY NATS sponsor I deal with that I've heard from about this so far, out of around 15.

[Trixxxia]

Quote:

Originally Posted by lassiter

I understand it's holiday break, but JaymanCash is the ONLY NATS sponsor I deal with that I've heard from about this so far, out of around 15.

I can tell you that for MassiveDollars I've had 30% of the emails bounce back - because of these three possible reasons: email invalid, mailbox full, spamblocker blocked it.

**check if your email is updated - whitelist all your sponsors to be safe**

[lassiter]

Quote:

Originally Posted by Trixxxia

I can tell you that for MassiveDollars I've had 30% of the emails bounce back - because of these three possible reasons: email invalid, mailbox full, spamblocker blocked it.

**check if your email is updated - whitelist all your sponsors to be safe**

An excellent idea, always. In my case, however, all my sponsors are whitelisted and I'm actually getting things like regular FHG update mail, etc. from the same NATS sponsors that aren't mentioning the hack - so I don't think that's the problem here.

[T Pat]

Hi Patrick,

There has been some recent concerns with some Nats security issues. We assure you we have always kept your infomation safe. We went through various webmaster accounts and made sure they weren't being accessed by any weird ip addresses and did not find anything. We took all recommended steps to close this exploit and prevent any data from being compromised as soon as this issue was found out. We are also taking extra steps now to make sure your information is secure. Also when we process payments we make sure the info has not changed and if it has we contact you.

To be on the safe side we recommend that you log into your IntenseCash account and verify that all your data is correct and we suggest you change your password immediately. Please use a strong, random alphanumeric password that is unique. Many webmasters use the same password for all their sponsors. We advise you to never do this you should make each password unique to each program. If you want to keep it simple You can maybe use initials of the program like IntenseCash would be ic and throw them in your password somewhere. You could do this for each program and make it a bit easier to keep track of passwords.

Be assured this issue is on the top of our priority list and we have been following everything very closely. Please visit our message board Gay Main Street if you want to follow this issue more closely. You can also contact us with any concerns or questions you may have. Thanks for your cooperation in this matter.

Thanks,
IntenseCash Crew

URL - http://www.intensecash.com
MESSAGE BOARD - http://www.gaymainstreet.com
EMAIL - mark@intensecash.com
ICQ - 191604661

[2msacras]

I've read alot about how a hacker could have access to logins/passwords and banking info but does anyone know if they had access to affiliate addresses and SS#'s? I haven't seen anything about that anywhere and that's what scares me the most.

[Toby]

Quote:

Originally Posted by 2msacras

I've read alot about how a hacker could have access to logins/passwords and banking info but does anyone know if they had access to affiliate addresses and SS#'s? I haven't seen anything about that anywhere and that's what scares me the most.

They had master admin access. ALL of your account information was available to them. If that included your address and SS# then yes they had access to it.

[tigermom]

Yes, but I never saw a sponsor asking for your bank info there. Basically, I wouldn't give a sponsor any info that I deem to be too sensitive because, well, you never know, anything can be hacked these days.