Thousands of Adult Website Accounts Compromised

Keith writes "Tens of thousands — or maybe more — accounts to adult websites were recently declared compromised and apparently have been that way since some time in October 2007. The break occurred when the NATS software used to track and manage sales and affiliate revenues was accessed by an intruder. The miscreant apparently discovered a list of admin passwords residing on an unsecured office server at Too Much Media, which makes and maintains NATS installations for adult companies. It would appear that Too Much Media knew of the breach back in October, and rather than fixing the issue tried to bury it by threatening to sue anyone in the adult industry who talked about it." The article gives suggestions for anyone who opened an account at any adult website in the last several months.

Something came up...

[Anonymous Coward]

Well, I guess that explains why it's so quiet around here.

I'm sure they'll...

[Bin_jammin]

rub this problem out in a hurry.

Re:

[SacredByte]

Someone deserves a spanking over this....

Re:I'm sure they'll...

[bl4nk]

This penetration has thrust a large mess of members in to a new position, one which they probably aren't familiar with (unless they get off on this kind of thing). It's sad the industry has shrunk to the force of Too Much Media, and has effectively been boned. If it's lucky, the authorities will slap the cuffs on TMM, throw them in the slammer, and make them eat kumquats.

Butt plugs. [youtube.com]

To be honest...

[DreadfulGrape]

I'm tired of getting jerked around by these folks.

Re:

[Schmiggy_JK]

Why is it that my mod points run out the day before I cum across a funny comment like this...

Compromising Position.

[Anonymous Coward]

""Tens of thousands -- or maybe more -- accounts to adult websites were recently declared compromised and apparently have been that way since some time in October 2007. "

Quick! Someone see if Taco's on that list.

You would've done the same

[Smordnys s'regrepsA]

Well, I see a few Pink Tacos...

I have a suggestion too

[Glowing Fish]

For everyone who opened up an account on an adult website:

Usenet.

Re:

[ocbwilg]

I agree, I haven't paid for porn for years. Between USENET and pr0n "blogs" offering free photo and video previews of dozens of sites a day, there's more free porn out there (at just the places I hit) than even I can look at in a day.

It Must Be Christmas

[Hoi Polloi]

Thanks Santa!

Re:

[Pantero Blanco]

I have a better suggestion: pussytorrents.org

I have an even better suggestion: Find a woman and impress her. :)

Re:

[mochan_s]

I have an even better suggestion: Find a woman and impress her. :)

Or even better find two women, impress them both with your wealth and power at the same time.

Re:I have a suggestion too

[youthoftoday]

You insensitive clod! This is Slashdot. You must be new here.

Re:

[CCFreak2K]

This is Slashdot.

It is? I thought it was C|net. Damn.

Re:

[SacredByte]

I had heard something along these lines... Apparently, for Porn-star Recognition Day, they were planning to edit their mainpage to show as "the asspirate bay" whilst changing the picture to show a rendering of the goatse.cx image.

Re:I have a suggestion too

[PopeRatzo]

I have an even better suggestion: Find a woman and impress her

Just save yourself some time and pretend she's already sworn a restraining order against you.

Re:

[ralphdaugherty]

Just save yourself some time and pretend she's already sworn a restraining order against you.

      This should be modded funny. Also informative. :)

  rd

Re:

[rbb]

Just save yourself some time and pretend she's already sworn a restraining order against you.

Restraining orders are just another way of saying I love you.

If true, this isn't particularly surprising.

[Anonymous Coward]

We are, after all, talking about pornography paid for with credit cards. The entity which lost these data is a clearinghouse for porn payments; its customers are the webmasters who run individual adult sites. Webmasters who, of course, have a vested interest in keeping this quiet. The fault was not theirs, per say, but the repercussions if this becomes public knowledge would bear heavily upon them.

In addition, it's porn. Individual end users cannot protest very much without either A: Admitting they pay for porn online or B: being the subject of askance glances and the occasional, "Methinks he doth protest too much." Some folks won't care, but the kind of people who actually have influence in the real world can't afford that kind of tarnish.

So, even if the worst happens and large amounts of private data are in nefarious hands, it'll all get dealt with quietly. The victims will sort it out in private with their banks, the webmasters will never speak of it, and the company itself probably won't feel much of a hit. If they really do have 90% market share, I doubt anyone else in the field is ready to just jump in and take over.

Re:If true, this isn't particularly surprising.

[mochan_s]

In addition, it's porn. Individual end users cannot protest very much without either A: Admitting they pay for porn online or B: being the subject of askance glances and the occasional, "Methinks he doth protest too much."

You do realize that prepaid credit cards exist, right? You can set any name to it and use it. Since you don't have to have anything physical delivered and it's all online, then you can create fake names and leave out addresses.

Re:

[SacredByte]

In addition, it's porn. Individual end users cannot protest very much without either A: Admitting they pay for porn online or B: being the subject of askance glances and the occasional, "Methinks he doth protest too much."

You do realize that prepaid credit cards exist, right? You can set any name to it and use it. Since you don't have to have anything physical delivered and it's all online, then you can create fake names and leave out addresses.

Do you realize that not every Joe-Sixpack takes the time to

Re:

[Seumas]

Who the hell feels embarrassed for porn? It's 2007. Yeah, if you were ripped off by a payment processor that put "iloveyoungboys.com" on your bill, that's one thing. But in general, who cares?! Oh no, you might have to admit that you are a guy, have testosterone and might wank off to hot sluts. Boy, how embarassing.

Re:

[DarkVader]

No, the embarrassing part wouldn't be watching porn - everybody does that.

What would be embarrassing would be getting caught PAYING for porn in 2007. Now that would be embarrassing.

(And yes, I'm quite sure my credit card information hasn't been compromised in this incident.)

Re:

[localman]

Or, you know, you could just admit that you look at porn. Is there really anyone that close to you who still thinks looking at porn is an awful stigma? Why?

Cheers.

Re:

[localman]

Yeah, I hear you. However in general I feel it's worth the effort to advocate my lifestyle than to hide it away. Even with women :) Isn't it unfortunate that the accepted solution to a girl not liking her guy watching porn is "lie to her"? Ah well.

Cheers.

Re:

[piojo]

You do realize that prepaid credit cards exist, right? You can set any name to it and use it. Since you don't have to have anything physical delivered and it's all online, then you can create fake names and leave out addresses.

This seems rather useful. Are these normally gotten through one's bank? If not, where does one get such a service?

Where to buy gift cards

[BenEnglishAtHome]

...where does one get such a service?

I don't know where you are, so this may not be applicable. I'm in Texas. We have Ace Cash Express stores (check cashing places, mostly) all over the place. You just walk up to the window and ask for a gift card and tell them how much money you want to put on it, up to $250. The cost is $5 over the amount on the card.

Here's a tip: If they start asking you for identity information (name, address, etc.) they've misunderstood your request and are trying to sell you a re

Re:If true, this isn't particularly surprising.

[Archon-X]

You've made a lot of assumptions, most of them wrong

#1 - CC data wasnt stolen
#2 - NATS does NOT process credit cards. It simply coordinates transactions, just like when you buy something from a site via paypal - the transaction is done at paypal, the yes/no result is shipped back to NATS.
#3 - Don't assume because it's the 'porn industry' that it's seedy and business ethics are out of the window. There are a lot of large companies with a lot of money invested, and the security of their clients makes sense. Why would you want to rip off or mal-treat your clients? There are definitely arseholes in the industry, just as there are everywhere, for example, the post of this article [he released 300 webmaster usernames / passwords to the world, resulting in huge financial thefts.
#4 - There are multiple industry options: MPA, Epoch, CCBill, etc. NATS has a large market share because the software is good, primarily because it was the first piece of software that had 'no shave' option, ie, the software couldnt steal sales.

Like it's been said already, this issue was a clusterfuck, and handled badly by TMM, but there is so much misinformation, especially about te threat of stolen CCs and slamming the industry, that I'm compelled to say something.

Re:If true, this isn't particularly surprising.

[owlnation]

In addition, it's porn. Individual end users cannot protest very much without either A: Admitting they pay for porn online or B: being the subject of askance glances and the occasional, "Methinks he doth protest too much." Some folks won't care, but the kind of people who actually have influence in the real world can't afford that kind of tarnish.

You're looking at this from an English speaking World perspective. Note that in countries such as Holland or Germany, where most of the adult/sex industry is completely legal, consumers of adult products have as much rights as any other consumer. There's also not the stigma attached to such things as there is in the UK or the US. People there would sue, and would sue openly.

All in all, in countries like Germany there's a much healthier attitude to sex and the adult industry. Both consumers and providers are much better protected there.

It seems to me that in the UK in particular (which is a semi-fascist state at best anyway) the repression and legislation of the adult industry is increasing, from what was already a very repressed and intolerant level. This is not healthy, this simply makes it easier for organized crime, and incidents like this one to occur.

Re:

[Tim C]

I'm not so sure I agree with your interpretation of the situation in the UK. Sure, we're rather more repressed than some (many?) other parts of Europe, but I don't think we're as bad as the US. You can buy softcore porn mags in almost any newsagents, there are topless women in our tabloids, etc.

Yes, Nu Labour is talking about cracking down on prostitution - but that strikes me as a way of distracting from the incredibly damaging fallout from the multiple data loss incidents, the sort of thing to generate di

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[SacredByte]

Yeah, and all because some blowhard didn't keep his system secure...

Suddenly.....

[edwardpickman]

There was a great disturbance in the geek community.

Re:

[SacredByte]

I see we're beating this to death...

Re:

[Anonymous Coward]

I couldn't give a fuck

Re:Suddenly.....

[Kamikaze Chipmunk]

Obviously not, now that your account info has been compromised.

Wait...

[c.r.o.c.o]

There are people who actually PAY for pr0n?!?

does this mean...

[Tastecicles]

"pwned" becomes "pr0ned"?

Gift Cards

[harlows_monkeys]

This is what gift cards are for, available from numerous outlets (Safeway, Office Depot, Wal-Mart, and similar places). You can get prepaid VISA and Mastercard giftcards, which work great for purchasing porn, or other questionable things of an online nature, where you can't trust the vendor. A $50 card will typically cost about $55.

After you buy it, you go to a web site from the card vendor, enter the card number and security code, and then set the user name and billing zip code. Then go wild (well, to the extent that you can go wild with $50...). Here's one such card [allaccessgift.com] that is available at a lot of places.

There are also cards that you can refill from your "real" credit card, but then you are easier to trace. Might as well use a non-refillable card, purchased with cash. That way, if "all models 18 or over, proof on file" turns out to not quite be true, no credit card that can be tied to you will be in the site's records. :-)

If that's not a concern, though, and you are just trying to limit exposure of your real credit card, then go ahead with the refillable cards. In fact, there are even some that are purely online. They don't provide a physical card. You just go to their site, sign up with your credit card, and they give you a credit card number to use online, with a limit of whatever you want to transfer from your credit card. Here is one such virtual card [www-card.com].

NOTE: some gift cards cannot be used for porn or gambling, so choose appropriately. And some can be so used, but add a surcharge for porn.

Re:

[Smordnys s'regrepsA]

...Man, I hate to tell you this, but I think you got phished - someone seems to be posting adverts using your account. Wait! You haven't been browsing for some Hard-Core-Adult-Action lately, have you?

I kid, I kid.

Re:

[metalheadsunite]

I do agree with what is said 1. Who pays for porn anyways? and 2. Gift cards are the coolest thing since sliced bread. When I was little you could go to the store and get an American Express card whenever parents wouldn't let you order stuff online and voila! Was used more for purposes in which you really didn't want some stuff to come back and bite you (aka domain purchases) but it still has many uses even now that I'm in my 20s.

Re:Gift Cards

[Archon-X]

No credit card information was stolen. It's impossible.
CC information does not, repeat, does not [read: is illegal to keep] on the servers of sites.
It is maintained by the billers and processors, who thankfully, have better security.

The threat of stolen CC info is FUD by the poster.

Re:

[jamesh]

I'm not sure that such laws exist here in Australia (and if anyone knows of any, _please_ enlighten me!). Your contract with your merchant will require certain things of you wrt to what you do with any CC information you have taken by whatever means (phone, physical swipe machine, internet, etc), but I'm not aware of any criminal laws that exist.

We effectively turned away a client who wanted to host their web site on our server because it obviously kept credit card information in a database. We just didn't

Re:

[Fulcrum of Evil]

You just can't educate some people.

What's wrong with storing CC info? They had a valid business case for it, as does my employer. How would you handle charge on ship with preorders/backorders?

Re:

[mxs]

[quote]No credit card information was stolen. It's impossible.[/quote]

Interesting that you note something entirely possible to be impossible. CC information can be stolen. If you ever find yourself in a situation where you come to believe that your system is so secure that it's impossible, you probably haven't understood exactly what security, in the context of electronic commerce, means.

[quote]read: is illegal to keep[/quote]

Interesting legal analysis. Patently false, but hey, who's counting. All you might

Re:

[ceejayoz]

CC information does not, repeat, does not [read: is illegal to keep] on the servers of sites.

I'm dubious of the illegal claim, and I know for a fact the rest is false. There are plenty of sites keeping credit card data on their servers. I knew a guy who was keeping credit card data on a shared server - sent shivers down my spine.

Re:

[eison]

Nonsense.
It's a contractual violation to keep CID/CCV2/CVC2 or raw magstripes, yet people still do that, particularly in log files.
It's explicitly allowed to keep card numbers on file. How do you think people bill you every month?

Re:

[account_deleted]

Comment removed based on user account deletion

one time cc numbers

[nguy]

Some banks offer one-time credit card numbers that you can just generate dynamically over the web. Unlike gift cards, they don't cost extra, you don't have to prepay, and you can get them in any amount you need.

pr0nz?

[thatskinnyguy]

Thank god for BitTorrent. Get all your pr0nz and don't even need a user name. Sometimes being an anonymous coward has its advantages.

Of course, really, unless there is someone with a high-profile in that list accessing some really really naughty stuff, this breach won't affect the average Joe Blow out there.

they should do...

[nguy]

... more penetration testing

Re:

[SacredByte]

They should get a stiff fine for not being more vigilant.

doesn't help...

[freaker_TuC]

... There is a staggering amount of people not using condoms anymore !

RE: The Truth

[Archon-X]

Let me be the first to actually point out the key factors in the situation.
I work in adult, and have worked with this CMS very closely for the last 2 years.
I'm not on anyone's side, but unfortunately this problem has been surrounded by a lot of misinformation.

• No credit card information was stolen. Website owners seldom [read: never] have access to this data, it's kept by the credit card processors
• The information that WAS compromised was member information, primarily email addresses, for use in spamming. It 'makes sense' - a list of verified buyers is like the 'holy grail' for spammers.
• The hackers used a list of admin accounts to poll everyone's CMS systems on the hour, and pull out this data. They have either covered their tracks well, or not at all, because they left reams of IP data, and you can see in the logs of the system itself, what information they've pulled.

It is interesting and rather important to note: The poster of the blog article is an absolute douchebag. I'm not happy with the situation obviously, I had my own system compromised, but this guy is an idiot on a warpath - 95% of what's written on his blog is off in the fairyland.
He fails to mention that he's hated by the industry, mainly for the reason that he posted 300 username / password combinations of webmasters publically, which resulted in a lot of them having money stolen from online accounts, etc.
More intelligent ramblings from this guy: My Guide To Tax Evasion [gofuckyourself.com] - Why The Unibomber was right [keithkimmel.com]

Summary: The breach was real. Scope seems to be limited ONLY to member data. Signed up? Expect some spam. Signed up with a password that you use on all your accounts? check your head, change the passwords.

Read more about our friend "minusonbit" - here - on an industry forum [gofuckyourself.com] and judge for yourself.

Re:

[Kasis]

Just WOW. Even if this person had a legitimate point about personal data being stolen, his credibility just went down the pan.

I don't live in the USA but I presume Keith Kimmel does. If I did live in the USA I'd be wary about posting this information in public forums. He admits to tax evasion, not just a few undeclared dollars but big-time tax evasion. He admits to supporting terrorism - "Its unfortunate that people had to die so that his message could be heard, but I think in the end it was a worthwhil

Re:

[minusonebit]

I do not admit to tax evasion. I posted a guide on how people might avoid being coerced into illegal taxes. I don't support terrorism. I support freedom and the end of government control over things they have no business controlling, but THAT is a topic for another day.

Re:

[Archon-X]

Really? Please explain:

The MinusOneBit Guide to Tax Evasion [gofuckyourself.com]

And the kicker:
If You Cheat on Your Taxes and Get Away With It... Do the Right Thing... [gofuckyourself.com]

If You Cheat on Your Taxes and Get Away With It... Do the Right Thing...
E-mail me at minusonebit@gmail.com and tell me how you did it so I can spread the tip to others.

Re:

[vipz]

And the kicker: If You Cheat on Your Taxes and Get Away With It... Do the Right Thing... [gofuckyourself.com]

Well, I'll freely admit that I'm easily amused.

Re:

[minusonebit]

As has been clarified on GFY several times, I did NOT post anyone's passwords anywhere. I linked to a Google cache of about 300 of them that was exposed due to another one of this industry's miserable failings in the security area - a poorly design admin area that did not censor the passwords that got stored in Google. And I covered that on my blog as well. I have never heard the end of that because other people in the industry were upset that another dirty little adult industry secret made it out for every

Re:

[Archon-X]

QFT

I honestly could not care less. Yes, I am pretty much universally hated in the adult industry.

LINKS NOT SAFE FOR WORK

[The_Mystic_For_Real]

The links in the parent to www.gofuckyourself.com aren't safe to open at work or in front of more conservative family members. Otherwise it is a very informative post.

Re:

[jmac1492]

I originally modded this up, but then I read the post again. The website is "gofuckyourself.com" Any address with the word fuck in the title should probably be considered NSFW or NSFMCFM ("More conservative family members"). Especially when the OP called it a fourm for porn industry insiders. Duh.

So I'm posting to undo the moderation.

Re: The Truth

[Archon-X]

Really? Not even when the user signs up for the account and enters the credit card number?

Now, I've never actually bought porn before, but assuming that porn sites work like every other ecommerce site in existance, the credit card number is most certainly entered into a form that's sent to the web server of the porn site. And if the web site has been compromised by a shell account that has premissions to modify the website software (like, say, it has been), then the credit card numbers of anyone who has signed up since the breach are likely to have been stolen.

It actually doesn't work like that.
NATS, the software in question here, acts as a gateway to the payment processor. CC information is never entered or passed through NATs.
It's just the same as when you make a purchase on a website through paypal. No CC information information is ever given to the site, all they receive is a postback. That's exactly the situation here, CC data is stored on the processing servers, and is completely distinct from this mess.

It was reported that CC data was stolen, or may have been but this is entirely untrue as you can see above.

You gave a privileged SSH account to a third party, what did you expect?!

No, I didn't. The accounts were NOT ssh accounts, they were logins to Web UI systems.

Seems? So even you admit you don't actually know whether credit card numbers were stolen.

I do. CC numbers are not stored on this system [I sound like a broken record]. When I say 'seems', I mean that the hacker did not try to take any other information, such as affiliate information, statistics information, or anything else stored in NATS, the software in question.

I'll bet you some were stolen. Any account opened since the breach or that used a recurring payment scheme should check to make sure their credit card wasn't stolen.

Rubbish. This information is not stored in the software or on any of the servers. You can 'bet' all you want. I'll take you on that wager, because you're posting and not knowing what you're talking about.

Re:

[Archon-X]

So unless you've verified that no credit card information is ever stored on the server in any way, you can't say that no credit card numbers have been stolen.

It isn't stored. Again, think of paypal: do they pass the CC information back to the page selling something? Hell no.
It's exactly the same situation here.

YHBT. HTH. HAND.

[Slashdot Parent]

Thank you for reminding me why I never respond to ACs. ;)

Re:

[Ohreally_factor]

This is just another sign of how far slashdot had fallen. It used to be that slashdotters had an understanding of how shit worked, and Archon wouldn't need to explain this beyond saying that the billing system was not compromised.

Re:

[Archon-X]

You would, but you'd be wrong.
In all examples I can think of, and definitely in the question of this software, the CC processing is passed to a processing company.
I can't think of any sites off the top of my head that don't pass the person to the 3rd party page for processing.

Re:

[Archon-X]

For one, I'm talking about adult. The scope of the article is in adult, afterall.
For two, Paypal is a processor. They retain data, but the sites that use them as a processor DO NOT. Johnny Geocities never gets passed the CC info on who donated to his blog, no matter how insecure his security is.

Exactly like what happened here..

TMM are a bunch of lying bastards

[Anonymous Coward]

The real kicker is that every one of our customers that use NATS have been complaining that their affiliates (people that send traffic to them) are being spammed on one-time-use addresses they only typed into NATS. TMM told them that it was our systems that had been hacked, even after we submitted detailed information to them.

Our customers are not happy.

Re:

[Bigbutt]

Funny. I'm one of them with the one-time-use e-mails. As soon as I started getting spammed, I had to do some searching to figure out just why I was getting spammed. I sent an e-mail off to the company identified by the e-mail to let them know they may have been hacked. I also mentioned that I didn't know why I was all of a sudden getting spammed. After a few e-mails, he asked if I'd subscribed to a porn site for a few months last year. Heh, I thanked him as they'd apparently used a "brown paper bag" company

I WROTE THE STORY. I STAND BEHIND IT 110%.

[minusonebit]

I am the guy who wrote the story.

I have already been threatened with a libel lawsuit by a senior executive of Too Much Media for publishing this. I published it anyway. They are still making lawsuit threats http://www.gfy.com/showpost.php?p=13561241&postcount=418 [gfy.com]. I honestly do not care about their threats, I will continue to give media interviews and I will continue to push this story out there. Because people need to know what the industry does not want to tell you.

Go ahead and do what the other p

Re:

[minusonebit]

For those of you who'd like to see how the Industry's media reported on this mess, checkout this link. http://www.xbiz.com/news/88230 [xbiz.com] XBiz whitewashed the story bigtime. And that flat out lied about billing information not being at risk. The hackers had administrative passwords. They had the equivalent of root. It was all there for the taking. No one knows if they were taken because TMM has not been forthcoming or helpful with that end of things. Of course, they say the billing DBs were safe at all times,

Re:I WROTE THE STORY. I STAND BEHIND IT 110%.

[Archon-X]

As posted before, this guy is nothing more than a troll.
It's very simple: You've cast aspertions that CC data was stolen.

Post proof. We're waiting.

Anyone can go to http://www.gofuckyourself.com/forumdisplay.php?f=26 [gofuckyourself.com] an industry forum, search for 'minusonebit', and read for yourself about this guy, and the misinformation that surrounds him.

Re:

[minusonebit]

The intruders had access to the billing data you idiot. They had full access on the entire system. John lost control of his entire company, or most of it. All we have thus far is John's word that the billing data wasn't taken. I flush things down the toilet that are worth more than John's word is right now. I said it may have been stolen, I did not say it *was* stolen. Prove to me - independently of TMM's press statements - that said was safe. Until then, it was compromised. There is no reason to believe th

Re:

[Amelia G]

What is your involvement in internet industry of any kind? Have you ever demoed an affiliate program back end? NATS or any other? What makes you think that software for the purpose of tracking affiliate sales across multiple billers would track consumer financial information?

Re:I WROTE THE STORY. I STAND BEHIND IT 110%.

[Archon-X]

Prove to me - independently of TMM's press statements - that said was safe

From all the logs and data I have seen, and trust me, I have seen more than most people in the industry, the users had access to NATS as admins. Admins cannot pull out biller data, that isn't presented.

Furthermore even if they had, if you were a real webmaster, you'd know: you can login to any biller and cannot see credit card information - CREDIT CARD INFORMATION WAS NOT STOLEN.

Finally taking the tack that 'all information is compromised unless proven otherwise' is complete rubbish. That's as far-reaching as saying: assume your online banking is compromised because they don;'t email you daily saying it's not.

The summary is as it was: NATs was breached, and the issue was handled very poorly. You, however, have posted lies, and FUD, once again, to try to engorge your ego. Your posts are full of lies and FUD, it's just that simple - and anyone w/ 5 mins can follow the links in this discussion and see the same.

Re:

[Archon-X]

When you provide proof to everyone here that credit cards were stolen, I'll beleive you.
As already posted, CC information IS NOT AVAILABLE to the owners of the processing accounts, in an entirely different system.
It is completely impossble that CC information was taken. I could post you my Epoch [Credit card processor] credentials here, and you'd never be able to pull out credit card info on my customers.

You are a troll.

Re:

[stonecypher]

Because people need to know what the industry does not want to tell you.

Yeah, yeah. You also think taxes are illegal. What amazes me is that anyone listens to people like you.

NATS does not have that much market penetration

[Amelia G]

I've seen estimates as high as that 95% of adult sites use NATS and that is just patently not the case. First of all, only sites which have affiliate programs would have any use for NATS at all. Many site owners who have affiliate programs use one of the half dozen other major affiliate program solutions out there or use a custom software solution.

I can personally vouch for the fact that neither BlueBlood.com [blueblood.com] nor SpookyCash.com [spookycash.com] nor any of their subsidiary or partner sites have ever implemented NATS in an

Re:

[minusonebit]

I was alerted to that error earlier today and just now notice that I had corrected it only at the top of the post. I have since fixed it throughout the article. The correct market penetration - I am told - is somewhere around 35% to 40% of all adult sites online.

Re:

[Amelia G]

I read the 95% figure a couple minutes before I posted here. For that matter, where do you get the 35% to 40% figure?

Re:

[minusonebit]

A program owner within the adult industry who asked that I please not drag his name out into the public limelight.

Re:

[Archon-X]

I value privacy

Again, this is total horseshit. This guy a few months ago posted 300 usernames and passwords to webmaster accounts, causing many to lose thousands of data from this information. You can lie and spin it as much as you want, but the evidence is in the posts and your actions. You have already admitted in this thead that 'you don't care' about others and the consequences of your actions - and your continued posts where you change your 'facts' are just a further indiction of your unreliability.

Re:

[Archon-X]

Ah, resorting to insults when you don't have proof.
Ladies and gentlemen, the real 'minusonbit'

Re:

[Amelia G]

Which statement did I make that you'd like facts to back up? Because, unlike you, I am wholly prepared to back up what I have to say. I don't want to know the name of your laughably fictitious anonymous source. I want to know how the data was arrived at because it strikes me that you have little concern for accuracy. I own the leading affiliate program in my niche and I think your data is way way way off, so I find it highly flawed thinking for you to believe that one other program owner's guesstimate is

Re:OMG LOL!!

[Lord Bitman]

HAHAHaHHAHAH "Penetration"!! Hehehehehehe omg rotflmao

Re:

[stonecypher]

Please don't use slashdot to advertise your services while your competition is imploding. Even being in porn, you should be able to recognize how tacky that is. It's one thing to have it in your sig - lord knows I do too - but to stand there and pretend like you're making idle conversation while you namedrop stuff like that? Honestly.

You don't see me posting when some random hosting provider does something bad. There's making yourself visible, and there's being a vulture. Which side of the line do you

Trend?

[Porchroof]

I hope this is the beginning of a trend: hack all adult sites and cause them as much trouble as possible. The world doesn't need that filth.

Besides, it would be payback for taking over all of the home computers in their attempt to sell their crap.

Re:

[Archon-X]

Your post is a scary reflection of presumably intelligent people who actually believe this FUD.
#1 - If you consider porn and sex filth, that's a problem in itself.
#2 - Making a blanket statement that the adult industry is reponsible for your spam is about as intelligent as blaming yourself for stock spam.

Re:

[david_thornley]

Not to try to get moral or anything, but pornographic websites at least were among the least pleasant to stumble across on the Web. Frequently it would be necessary to quit the browser or disable Javascript to get away, and they lurked on URLs that would likely be hit by accident. I presume that there were a lot of well-behaved sites out there, with names like pr0n-r-us, that I'm unlikely to stumble across by accident, but my impressions are mostly from the obnoxious ones.

So, despite sympathy for those

Re:

[stonecypher]

You know, I'm inclined to stick up for you, because there's some douche tax nutjob badmouthing you.

At the same time, honestly, dude, come the fuck on, if you're going to pretend that porn isn't one of the biggest sources of spam? You've got a little credibility management to do yourself, here. Look at what places like the dating sites do - there are six really bad ones, and I bet you could count them off one by one if you tried, taking over yahoo groups, craigslist, and so on. Sure, it's a really small f

Re:

[Bigbutt]

Pretty funny. While I don't look over spams that I receive, a quick grep of the past month shows that the one site I did go to isn't there.

The only time I've ever seen the site listed was here on Slashdot a few years back. I visited and liked what I saw. When they locked it down a bit further so all I could see were blurred out images, I paid my couple of bucks for a few months and downloaded all I could ever use. It's been a year and I haven't "used up" any of the downloads.

Heck, I may be good until I die

Maybe more?

[Descalzo]

"Tens of thousands -- or maybe more -- ...."

Does that mean elevens of thousands?

Re:

[SacredByte]

Contrary to popular belief, we don't all live in our parents' basements. Not all houses have basements. Also, I don't even have 500GB of total hard drive space. Anyway, it is relevant because it happened through the negligence of the person maintaining the originally compromised system. Had the person(s) responsible done their job in keeping the computer secure, the system wouldn't have been compromised. Thus, it serves as warning to all of us, that if we present a sufficient target, we must be proportiona

Re:

[minusonebit]

Thats about the sum of it.

Re:

[SacredByte]

What a childish sentiment.

Re:

[Antique Geekmeister]

Isn't the lack of paranoia on the part of those who run adult websites how this happened?

Re:

[minusonebit]

Or the fact that a good portion of them simply don't care. Their solution is to send an army of people here to tag and comment me into the ground. Some of them continue to collect webmaster affiliate account data (which includes tax IDs/SSNs) on pages that have no SSL encryption at all. Despite the fact that I brought it up months ago.

Re:

[Antique Geekmeister]

Oh, my. Yes, good security does cost some effort to do, and sometimes clients don't want to spend the work and resources. You have my sympathy for this situation.

I don't suppose you could, very quietly, contact the BBB or the IRS about people being so cavalier with such information?