Online

NATS Facing Security Issue

By: Sherri L. Shaulis

Posted: 12/25/2007

FREEHOLD, N.J. - John Albright, owner of Too Much Media, which produces the Next-Generation Administration and Tracking System, noted over the weekend that his company is looking into how a security break occurred in the NATS system and apologized for the way the issue was handled.

 

"It appears at this point that a number of the non-unique admin usernames and passwords we maintain for support were compromised," Albright wrote. "All passwords we had were charged to a random string, and we have destroyed our list and our mechanism of keeping it, which resided on a local server in the office."

 

The software program reportedly has been compromised for several months. Details on the breach are still sketchy, but postings on various adult-industry chat rooms show that talk of the issue began in October. At that time, someone reportedly gained access to a Too Much Media server that stored a listing of passwords used to maintain clients' installations of the NATS software.

 

An executive at OC3 Networks reportedly noticed that Web-hosting customers who also used NATS were being broken into. OC3 executives reportedly posted threads about the experience on chat rooms and contacted Too Much Media officials about the problem.

 

Albright told AVN Online the company is releasing information about the "ongoing issue" as it becomes available.

 

In chat-room postings, he wrote that the company is investigating whether someone accessed the list of usernames and passwords from the server in the office and how that could have been accomplished. Apparently, no credit information was compromised, but the company is still investigating the extent of the security breach.

 

Albright said the company is "no longer maintaining any passwords for anything."

 

He also apologized for the company's "previous handling of the issue."

 

"We believed we had a way of knowing which clients were affected, and we contacted them immediately," he wrote. "Apparently, we were wrong. ... If we had known that the issue was more widespread, we would have, without question, contacted everyone."

 

Too Much Media posted a notice on its website Sunday afternoon.

 

"We have become aware of a security issue involving admin passwords we maintain for support of our clients," the notice stated. "As a precaution, we have added a few features to aid in the security of NATS. Please submit a support ticket at your earliest convenience, so you may be updated to take advantage of these new features. This is not an exploit of NATS, and this update does not patch any holes. It adds new security features."

 

NATS, the flagship product of Too Much Media, is an affiliate back-end used to run various aspects of an affiliate program, excluding processing of financial transactions. The software is designed to handle affiliate sign-ups, statistics, traffic and sales tracking, and administrative functions, among other capabilities.