Sexyteaser
03-19-2008, 09:17 PM
Well Here we go... I guess it is all coming out now!
Tens of Thousands of Adult Website Records Compromised (http://www.icwt.us/index.php/2007/12/23/tens-of-thousands-of-adult-website-records-compromised/)
Keith | Agencies (http://www.icwt.us/index.php/category/police-state/agencies/), All Posts (http://www.icwt.us/index.php/category/all-posts/), Campaign 2008 (http://www.icwt.us/index.php/category/campaign-2008/), Charles Berrebbi (http://www.icwt.us/index.php/category/people/charles-berrebbi/), Companies and Brands (http://www.icwt.us/index.php/category/companies-and-brands/), Computing (http://www.icwt.us/index.php/category/technology/computing/), Corporate America (http://www.icwt.us/index.php/category/corporate-america/), Crime (http://www.icwt.us/index.php/category/crime/), Culture (http://www.icwt.us/index.php/category/corporate-america/culture/), Data Mining (http://www.icwt.us/index.php/category/police-state/data-mining/), Defective (http://www.icwt.us/index.php/category/products/defective/), FBI (http://www.icwt.us/index.php/category/police-state/agencies/fbi/), Greed (http://www.icwt.us/index.php/category/corporate-america/greed/), High Tech (http://www.icwt.us/index.php/category/crime/high-tech/), Identification (http://www.icwt.us/index.php/category/police-state/identification/), Invasive (http://www.icwt.us/index.php/category/products/invasive/), Issues (http://www.icwt.us/index.php/category/campaign-2008/issues/), John Albright (http://www.icwt.us/index.php/category/people/john-albright/), Kimberly Timko (http://www.icwt.us/index.php/category/people/kimberly-timko/), NATS (http://www.icwt.us/index.php/category/technology/computing/software/nats/), National Security (http://www.icwt.us/index.php/category/police-state/national-security/), Oddball Stuff (http://www.icwt.us/index.php/category/oddball-stuff/), People (http://www.icwt.us/index.php/category/people/), Police State (http://www.icwt.us/index.php/category/police-state/), Privacy (http://www.icwt.us/index.php/category/police-state/privacy/), Products (http://www.icwt.us/index.php/category/products/), Scandal (http://www.icwt.us/index.php/category/corporate-america/scandal/), Software (http://www.icwt.us/index.php/category/technology/computing/software/), Technology (http://www.icwt.us/index.php/category/technology/), Too Much Media (http://www.icwt.us/index.php/category/companies-and-brands/too-much-media/) | Sunday, December 23rd, 2007
A popular software program called NATS (http://www.toomuchmedia.com/), which powers the backend of about 35% of all adult paysites online today has reportedly been in a compromised status for several months while the company that owned and manages the software did little to nothing to correct the issue, according to information obtained by ICWT. NATS is made by Freehold, New Jersey-based Too Much Media (http://www.toomuchmedia.com/) (TMM) and is used to provide a management and reporting interface that adult paysite owners use to report affiliate sales and earned commissions to affiliates as well as track and manage sales of memberships.
How It Happened:
ICWT first learned of the massive security breach when a series of posts were made on an adult industry web bulletin board known as “GFY (http://www.gfy.com/)“, where webmasters from the adult community congregate to discuss business. Exact details of the incident are still being pieced together, similar to a jigsaw puzzle.
The story started to break when staff at OC3 Networks (http://www.oc3networks.com/), a webhosting company that provides website hosting to numerous adult websites started to notice a pattern of customers who ran the NATS software reporting that their systems had been broken into sometime back in October of 2007. One of the executives who runs OC3 Networks recently posted a thread (http://www.gfy.com/showpost.php?p=13551150&postcount=1) to GFY about their experiences with NATS and how it related to the break-ins, after working to secure their clients as well as companies having servers at other webhosts. OC3 says (http://www.gfy.com/showpost.php?p=13551150&postcount=1) it also discussed the issue with Too Much Media upon discovery as well.
Discussions further down in that same thread (http://www.gfy.com/showpost.php?p=13551150) make reference to allegations that Too Much Media did everything it could to keep news of its exploit out of the public limelight and not much to fix the security issue itself. It is rumored (http://www.gfy.com/showpost.php?p=13557163&postcount=363) that Too Much Media had even threatened to sue several people who spoke of the exploit in public, a rumor that seems to be confirmed by ICWT’s experiences with them (more on this below).
Shortly after OC3 Networks published it’s report, TMM also released a statement (http://www.gfy.com/showthread.php?t=794219) on GFY regarding the flaw which later turned into a quite heated discussion. While details on the breach remain very sketchy and what exactly has been affected (TMM has not been forthcoming with full details on exactly how this issue came to be or how much information is at risk), on information and belief, the breach affects anyone who has purchased a membership to an adult site that uses the NATS software to manage or track its sales as well as adult webmasters who promote the pay sites by placing links on their websites with embedded NATS tracking code, which then allow them to earn a portion of the sale as a commission.
From what ICWT has gathered, the integrity of the NATS system was compromised at some point during or perhaps prior to October, 2oo7 when an unknown person(s) gained access by unknown method(s) to a server in TMM’s office where they stored a listing of the passwords used to maintain their client’s installations of the NATS software. This much has been confirmed by TMM (http://www.gfy.com/showpost.php?p=13552105&postcount=1) staff in their statement on the situation.
TMM apparently required webmasters who used its software to keep an SSH account available on the webmaster’s server for the purported purpose of maintaining the NATS software. It has been widely commented on within the webmaster community that NATS personnel often accessed the servers without warning and with usage patterns that could be described as strange. While some webmasters turned off the accounts and only re-enabled them when NATS staffers needed to do maintenance of upgrades, it seems to have been a standard practice to setup the accounts and forget about them.
There is also speculation (http://www.gfy.com/showpost.php?p=13548295&postcount=75) that this whole thing could have been an inside job. We do not have confirmation of this.
What Information is Affected:
The number of records potentially compromised is not known, but is believed to be in the tens of thousands or perhaps even hundreds of thousands of accounts. The NATS system is deployed on an estimated 35% to 40% of all adult sites, so if someone purchased a membership to an adult site since October, 2007 - there is a good chance that they are potentially effected.
The information that was compromised appears to possibly include, with regard to those who bought memberships on adult sites appears to include name, address, telephone number, e-mail address, IP address, billing information and possibly other information provided or collected during signup.
For webmaster affiliates, the information that may have been compromised could include your name, address, telephone and fax numbers, e-mail addresses, sales and payment history, taxpayer ID, IP address and possibly other information provided or collected at some point in the relationship.
At this time, there does not appear to be any concrete proof that data was actually taken off the servers or used, just that an intruder did manage to access the system. However, there is reason to wonder whether the data has been misused, there have been numerous recent reports (http://www.gfy.com/showthread.php?t=793881) of people who signed up with a paysite running NATS receiving large amounts of spam after signing up.
What Should Users Do:
Users who have purchased a membership at an adult site at any time this year that uses NATS should first check their statements for the payment method they used to sign up for the adult site for any unusual activity and report same to their financial institution immediately. If such action is noticed, or if users have experienced other invasions or violations of their privacy, users should contact TMM (http://www.toomuchmedia.com/corporate/contact.html) and request that they be compensated for any losses or damages that they may have incurred and additionally, demand that TMM provide them with credit monitoring services and other identity theft recovery services at TMM’s expense.
Webmaster affiliates who have suffered a loss or violation of their privacy as result of the issue should contact their attorneys to investigate legal options for recovery and compensation as well as representatives from companies issuing any insurance policies to them that may cover malpractice or incompetence on the part of other parties with whom they do business. Additionally, those companies should also contact TMM and demand compensation.
Regardless of whether they are consumers or webmaster affiliates, all parties who have suffered a loss or experienced an invasion of their privacy or misuse of personal information should file complaints with their local police departments, the attorney general of their state, the Federal Trade Commission (http://www.ftc.gov/ftc/cmplanding.shtm) , The Internet Crime Complaint Center (http://www.ic3.gov/complaint/) (IC3) and contact a reputable attorney specializing in fraud, consumer protection or contract law as may be applicable. Generalized resources for victims of identity theft can be found at The Privacy Rights Clearinghouse (http://www.privacyrights.org/identity.htm).
Users who receive telemarketing calls or spam as a result of this incident should file complaints with the FTC for violations of the CAN-SPAM Act or with the FCC for violations of the Do Not Call List if users are registered on it. Those who receive junk faxes should start by getting help here (http://www.junkfax.org/).
Additional Concerns and Problems:
TMM also very recently purchased an adult billing company (http://www.avn.com/index.cfm?objectid=CB49D226-9C04-1D15-748B83D62941417D) known as Segregated Payments, Ltd. (more commonly called “SegPay (http://www.segpay.com/)“) which currently process payments for adult paysites in the EU. TMM has announced (http://www.gfy.com/showpost.php?p=13501203&postcount=1) plans to launch TMMSegPay (http://tmmsegpay.com/) which will provide payments services to the US market sector as a registered Visa IPSP (http://businesscenter.ccbill.com/visa_ipsp_faq.php). In light of the information ICWT has uncovered, we’re very concerned about this both for the integrity of the adult industry and the safety of user’s credit card information.
Perhaps this is more an interesting footnote, but TMM’s John Albright seems to be connected to a stats tracking site (now defunct) similar to Sex Tracker that was known as Porn Graph. That site was accused by numerous adult webmasters (http://www.gfy.com/showthread.php?t=275929) of putting code into its website that installed malicious software without the knowledge or consent of end users. Several webmasters claimed this resulted in numerous domains getting banned from search engines.
John (who at that time reportedly used a different board alias “GoGoBar”) claims (http://www.gfy.com/showpost.php?p=4027114&postcount=34) that he sold the site and the new owners were responsible for these actions and that he couldn’t comment on the ordeal, but according to a confidential source within the adult industry, ICWT has learned that after the supposed sale, only the domain’s whois information changed but the hosting was never moved. It would be possible for one to infer that this indicates that the claimed sale never took place.
Whats Being Done & Possible Legal Action Against ICWT:
Rumor has it that the FBI has been called in to investigate the situation, we have no confirmation of this. In fact, it looks like the industry and TMM may attempt to sweep this under the rug and as such, thats the main reason for it getting reported here. Other than this, TMM has made a statement and supposedly told its customers how to secure their installations of the software. Many in the industry are skeptical on whether the instructions provided by TMM fully address the issue.
The editor of ICWT has been contacted via GFY and publicly threatened with a libel lawsuit by John Albright with Too Much Media. John appears to be an executive officer of the company. ICWT has a contingency plan in place for legal action that is taken as a result of stories that are published here. I am not concerned about the ability of ICWT to continue operations should legal action be taken and furthermore, I am confident that ICWT is on firm first amendment grounds in any such claims. ICWT will ultimately prevail.
ICWT will follow this story and keep you updated as to any new developments.
Update #1: Too Much Media / NATS Possibly in Breach of Laws of Nearly 40 States
On information and belief, Too Much Media did not notify its clients of the supposed breach until within the last week, the last couple of days or the last couple of hours - depending on which report you want to go by. In most cases, this is insufficient to satisfy the legal requirements of nearly 40 states that consumers be notified of breaches of personal information. Most laws require that the notifications be done immediately upon discovery of the breach or as soon as practical.
Consumers are advised to examine this page (http://www.ncsl.org/programs/lis/cip/priv/breachlaws.htm) which lists states that have enacted notification requirements and determine if Too Much Media was required to notify you of the breach and failed to do so. Too Much Media is organized in New Jersey and even if they were organized in another state, under the New Jersey Notification Law (http://www.njleg.state.nj.us/2004/Bills/PL05/226_.HTM) they would be required to notify all New Jersey residents because they did business in that state. This will vary from state to state, you can determine your individual situation by clicking the link above and reviewing the statute for your particular state. If you need assistance in deciphering the legal code, we apologize but we cannot help you with this, you’ll need to contact an attorney or your local bar association and ask for a “court advocate” who may be able to answer simple questions without charge.
Update #2: Rewrite to Clarify Sources Relied Upon for this Report
The amount of information used to construct this report is both lengthy and hard to manage. For those unfamiliar with the Adult Entertainment Industry, most of the discussion and debates amongst various parties takes place message boards (some open, some closed to the public), instant messengers like AIM and ICQ and at conventions or meetings organized for that purpose. And it often happens in a very messy and heated manner that results in mud slinging and name calling. To help get our readers right to the facts, we have re-written this post with links directly to the relevant posts.
Update #3: Too Much Media Told Affiliates There Were No Exploits
On another adult industry forum known as Just Blow Me (http://www.justblowme.com/), TMM’s John Albright told affiliates (http://justblowme.com/showpost.php?p=1252191&postcount=5) back on 10/27/07 that “There are no known exploits in NATS. There was no exploit found.” and hinted at suing people for spreading what - according to him - was “misinformation”.
Update #4: TMM’s John Albright Implies More Legal Action, Slashdot Picks Up the Story + Small Retraction
TMM’s John Albright is busy on GFY implying more legal action (http://www.gfy.com/showpost.php?p=13561604&postcount=5) against people who speak out against him. This time, it appears he is threatening employees of his competition, MPA3 (http://www.mpa3.com/).
Additionally, I am pleased to announce that this story has accomplished its goal to ensure that the adult industry will not be able to sweep this matter under the rug. Earlier this morning, this story hit the revered Slashdot (http://it.slashdot.org/article.pl?sid=07/12/25/0050204). It will be almost impossible for this issue to miss getting the scrutiny it desperately needs.
Finally, it has been brought to my attention that NATS does not enjoy 80% to 95% market penetration as was originally reported here. Instead, that number is more like 35% to 40% of all porn sites online today, according to an industry source who requested that I not name him. I am very sorry for implying that Too Much Media was more successful than it really is. ICWT and I both regret the error.
Update #5:
The adult industry has begun the mis-information counter campaign (http://www.gfy.com/showthread.php?t=794889) in earnest. They really don’t want you to know about this, folks.
http://www.icwt.us/index.php/2007/12/23/tens-of-thousands-of-adult-website-records-compromised/
(http://www.icwt.us/)
Tens of Thousands of Adult Website Records Compromised (http://www.icwt.us/index.php/2007/12/23/tens-of-thousands-of-adult-website-records-compromised/)
Keith | Agencies (http://www.icwt.us/index.php/category/police-state/agencies/), All Posts (http://www.icwt.us/index.php/category/all-posts/), Campaign 2008 (http://www.icwt.us/index.php/category/campaign-2008/), Charles Berrebbi (http://www.icwt.us/index.php/category/people/charles-berrebbi/), Companies and Brands (http://www.icwt.us/index.php/category/companies-and-brands/), Computing (http://www.icwt.us/index.php/category/technology/computing/), Corporate America (http://www.icwt.us/index.php/category/corporate-america/), Crime (http://www.icwt.us/index.php/category/crime/), Culture (http://www.icwt.us/index.php/category/corporate-america/culture/), Data Mining (http://www.icwt.us/index.php/category/police-state/data-mining/), Defective (http://www.icwt.us/index.php/category/products/defective/), FBI (http://www.icwt.us/index.php/category/police-state/agencies/fbi/), Greed (http://www.icwt.us/index.php/category/corporate-america/greed/), High Tech (http://www.icwt.us/index.php/category/crime/high-tech/), Identification (http://www.icwt.us/index.php/category/police-state/identification/), Invasive (http://www.icwt.us/index.php/category/products/invasive/), Issues (http://www.icwt.us/index.php/category/campaign-2008/issues/), John Albright (http://www.icwt.us/index.php/category/people/john-albright/), Kimberly Timko (http://www.icwt.us/index.php/category/people/kimberly-timko/), NATS (http://www.icwt.us/index.php/category/technology/computing/software/nats/), National Security (http://www.icwt.us/index.php/category/police-state/national-security/), Oddball Stuff (http://www.icwt.us/index.php/category/oddball-stuff/), People (http://www.icwt.us/index.php/category/people/), Police State (http://www.icwt.us/index.php/category/police-state/), Privacy (http://www.icwt.us/index.php/category/police-state/privacy/), Products (http://www.icwt.us/index.php/category/products/), Scandal (http://www.icwt.us/index.php/category/corporate-america/scandal/), Software (http://www.icwt.us/index.php/category/technology/computing/software/), Technology (http://www.icwt.us/index.php/category/technology/), Too Much Media (http://www.icwt.us/index.php/category/companies-and-brands/too-much-media/) | Sunday, December 23rd, 2007
A popular software program called NATS (http://www.toomuchmedia.com/), which powers the backend of about 35% of all adult paysites online today has reportedly been in a compromised status for several months while the company that owned and manages the software did little to nothing to correct the issue, according to information obtained by ICWT. NATS is made by Freehold, New Jersey-based Too Much Media (http://www.toomuchmedia.com/) (TMM) and is used to provide a management and reporting interface that adult paysite owners use to report affiliate sales and earned commissions to affiliates as well as track and manage sales of memberships.
How It Happened:
ICWT first learned of the massive security breach when a series of posts were made on an adult industry web bulletin board known as “GFY (http://www.gfy.com/)“, where webmasters from the adult community congregate to discuss business. Exact details of the incident are still being pieced together, similar to a jigsaw puzzle.
The story started to break when staff at OC3 Networks (http://www.oc3networks.com/), a webhosting company that provides website hosting to numerous adult websites started to notice a pattern of customers who ran the NATS software reporting that their systems had been broken into sometime back in October of 2007. One of the executives who runs OC3 Networks recently posted a thread (http://www.gfy.com/showpost.php?p=13551150&postcount=1) to GFY about their experiences with NATS and how it related to the break-ins, after working to secure their clients as well as companies having servers at other webhosts. OC3 says (http://www.gfy.com/showpost.php?p=13551150&postcount=1) it also discussed the issue with Too Much Media upon discovery as well.
Discussions further down in that same thread (http://www.gfy.com/showpost.php?p=13551150) make reference to allegations that Too Much Media did everything it could to keep news of its exploit out of the public limelight and not much to fix the security issue itself. It is rumored (http://www.gfy.com/showpost.php?p=13557163&postcount=363) that Too Much Media had even threatened to sue several people who spoke of the exploit in public, a rumor that seems to be confirmed by ICWT’s experiences with them (more on this below).
Shortly after OC3 Networks published it’s report, TMM also released a statement (http://www.gfy.com/showthread.php?t=794219) on GFY regarding the flaw which later turned into a quite heated discussion. While details on the breach remain very sketchy and what exactly has been affected (TMM has not been forthcoming with full details on exactly how this issue came to be or how much information is at risk), on information and belief, the breach affects anyone who has purchased a membership to an adult site that uses the NATS software to manage or track its sales as well as adult webmasters who promote the pay sites by placing links on their websites with embedded NATS tracking code, which then allow them to earn a portion of the sale as a commission.
From what ICWT has gathered, the integrity of the NATS system was compromised at some point during or perhaps prior to October, 2oo7 when an unknown person(s) gained access by unknown method(s) to a server in TMM’s office where they stored a listing of the passwords used to maintain their client’s installations of the NATS software. This much has been confirmed by TMM (http://www.gfy.com/showpost.php?p=13552105&postcount=1) staff in their statement on the situation.
TMM apparently required webmasters who used its software to keep an SSH account available on the webmaster’s server for the purported purpose of maintaining the NATS software. It has been widely commented on within the webmaster community that NATS personnel often accessed the servers without warning and with usage patterns that could be described as strange. While some webmasters turned off the accounts and only re-enabled them when NATS staffers needed to do maintenance of upgrades, it seems to have been a standard practice to setup the accounts and forget about them.
There is also speculation (http://www.gfy.com/showpost.php?p=13548295&postcount=75) that this whole thing could have been an inside job. We do not have confirmation of this.
What Information is Affected:
The number of records potentially compromised is not known, but is believed to be in the tens of thousands or perhaps even hundreds of thousands of accounts. The NATS system is deployed on an estimated 35% to 40% of all adult sites, so if someone purchased a membership to an adult site since October, 2007 - there is a good chance that they are potentially effected.
The information that was compromised appears to possibly include, with regard to those who bought memberships on adult sites appears to include name, address, telephone number, e-mail address, IP address, billing information and possibly other information provided or collected during signup.
For webmaster affiliates, the information that may have been compromised could include your name, address, telephone and fax numbers, e-mail addresses, sales and payment history, taxpayer ID, IP address and possibly other information provided or collected at some point in the relationship.
At this time, there does not appear to be any concrete proof that data was actually taken off the servers or used, just that an intruder did manage to access the system. However, there is reason to wonder whether the data has been misused, there have been numerous recent reports (http://www.gfy.com/showthread.php?t=793881) of people who signed up with a paysite running NATS receiving large amounts of spam after signing up.
What Should Users Do:
Users who have purchased a membership at an adult site at any time this year that uses NATS should first check their statements for the payment method they used to sign up for the adult site for any unusual activity and report same to their financial institution immediately. If such action is noticed, or if users have experienced other invasions or violations of their privacy, users should contact TMM (http://www.toomuchmedia.com/corporate/contact.html) and request that they be compensated for any losses or damages that they may have incurred and additionally, demand that TMM provide them with credit monitoring services and other identity theft recovery services at TMM’s expense.
Webmaster affiliates who have suffered a loss or violation of their privacy as result of the issue should contact their attorneys to investigate legal options for recovery and compensation as well as representatives from companies issuing any insurance policies to them that may cover malpractice or incompetence on the part of other parties with whom they do business. Additionally, those companies should also contact TMM and demand compensation.
Regardless of whether they are consumers or webmaster affiliates, all parties who have suffered a loss or experienced an invasion of their privacy or misuse of personal information should file complaints with their local police departments, the attorney general of their state, the Federal Trade Commission (http://www.ftc.gov/ftc/cmplanding.shtm) , The Internet Crime Complaint Center (http://www.ic3.gov/complaint/) (IC3) and contact a reputable attorney specializing in fraud, consumer protection or contract law as may be applicable. Generalized resources for victims of identity theft can be found at The Privacy Rights Clearinghouse (http://www.privacyrights.org/identity.htm).
Users who receive telemarketing calls or spam as a result of this incident should file complaints with the FTC for violations of the CAN-SPAM Act or with the FCC for violations of the Do Not Call List if users are registered on it. Those who receive junk faxes should start by getting help here (http://www.junkfax.org/).
Additional Concerns and Problems:
TMM also very recently purchased an adult billing company (http://www.avn.com/index.cfm?objectid=CB49D226-9C04-1D15-748B83D62941417D) known as Segregated Payments, Ltd. (more commonly called “SegPay (http://www.segpay.com/)“) which currently process payments for adult paysites in the EU. TMM has announced (http://www.gfy.com/showpost.php?p=13501203&postcount=1) plans to launch TMMSegPay (http://tmmsegpay.com/) which will provide payments services to the US market sector as a registered Visa IPSP (http://businesscenter.ccbill.com/visa_ipsp_faq.php). In light of the information ICWT has uncovered, we’re very concerned about this both for the integrity of the adult industry and the safety of user’s credit card information.
Perhaps this is more an interesting footnote, but TMM’s John Albright seems to be connected to a stats tracking site (now defunct) similar to Sex Tracker that was known as Porn Graph. That site was accused by numerous adult webmasters (http://www.gfy.com/showthread.php?t=275929) of putting code into its website that installed malicious software without the knowledge or consent of end users. Several webmasters claimed this resulted in numerous domains getting banned from search engines.
John (who at that time reportedly used a different board alias “GoGoBar”) claims (http://www.gfy.com/showpost.php?p=4027114&postcount=34) that he sold the site and the new owners were responsible for these actions and that he couldn’t comment on the ordeal, but according to a confidential source within the adult industry, ICWT has learned that after the supposed sale, only the domain’s whois information changed but the hosting was never moved. It would be possible for one to infer that this indicates that the claimed sale never took place.
Whats Being Done & Possible Legal Action Against ICWT:
Rumor has it that the FBI has been called in to investigate the situation, we have no confirmation of this. In fact, it looks like the industry and TMM may attempt to sweep this under the rug and as such, thats the main reason for it getting reported here. Other than this, TMM has made a statement and supposedly told its customers how to secure their installations of the software. Many in the industry are skeptical on whether the instructions provided by TMM fully address the issue.
The editor of ICWT has been contacted via GFY and publicly threatened with a libel lawsuit by John Albright with Too Much Media. John appears to be an executive officer of the company. ICWT has a contingency plan in place for legal action that is taken as a result of stories that are published here. I am not concerned about the ability of ICWT to continue operations should legal action be taken and furthermore, I am confident that ICWT is on firm first amendment grounds in any such claims. ICWT will ultimately prevail.
ICWT will follow this story and keep you updated as to any new developments.
Update #1: Too Much Media / NATS Possibly in Breach of Laws of Nearly 40 States
On information and belief, Too Much Media did not notify its clients of the supposed breach until within the last week, the last couple of days or the last couple of hours - depending on which report you want to go by. In most cases, this is insufficient to satisfy the legal requirements of nearly 40 states that consumers be notified of breaches of personal information. Most laws require that the notifications be done immediately upon discovery of the breach or as soon as practical.
Consumers are advised to examine this page (http://www.ncsl.org/programs/lis/cip/priv/breachlaws.htm) which lists states that have enacted notification requirements and determine if Too Much Media was required to notify you of the breach and failed to do so. Too Much Media is organized in New Jersey and even if they were organized in another state, under the New Jersey Notification Law (http://www.njleg.state.nj.us/2004/Bills/PL05/226_.HTM) they would be required to notify all New Jersey residents because they did business in that state. This will vary from state to state, you can determine your individual situation by clicking the link above and reviewing the statute for your particular state. If you need assistance in deciphering the legal code, we apologize but we cannot help you with this, you’ll need to contact an attorney or your local bar association and ask for a “court advocate” who may be able to answer simple questions without charge.
Update #2: Rewrite to Clarify Sources Relied Upon for this Report
The amount of information used to construct this report is both lengthy and hard to manage. For those unfamiliar with the Adult Entertainment Industry, most of the discussion and debates amongst various parties takes place message boards (some open, some closed to the public), instant messengers like AIM and ICQ and at conventions or meetings organized for that purpose. And it often happens in a very messy and heated manner that results in mud slinging and name calling. To help get our readers right to the facts, we have re-written this post with links directly to the relevant posts.
Update #3: Too Much Media Told Affiliates There Were No Exploits
On another adult industry forum known as Just Blow Me (http://www.justblowme.com/), TMM’s John Albright told affiliates (http://justblowme.com/showpost.php?p=1252191&postcount=5) back on 10/27/07 that “There are no known exploits in NATS. There was no exploit found.” and hinted at suing people for spreading what - according to him - was “misinformation”.
Update #4: TMM’s John Albright Implies More Legal Action, Slashdot Picks Up the Story + Small Retraction
TMM’s John Albright is busy on GFY implying more legal action (http://www.gfy.com/showpost.php?p=13561604&postcount=5) against people who speak out against him. This time, it appears he is threatening employees of his competition, MPA3 (http://www.mpa3.com/).
Additionally, I am pleased to announce that this story has accomplished its goal to ensure that the adult industry will not be able to sweep this matter under the rug. Earlier this morning, this story hit the revered Slashdot (http://it.slashdot.org/article.pl?sid=07/12/25/0050204). It will be almost impossible for this issue to miss getting the scrutiny it desperately needs.
Finally, it has been brought to my attention that NATS does not enjoy 80% to 95% market penetration as was originally reported here. Instead, that number is more like 35% to 40% of all porn sites online today, according to an industry source who requested that I not name him. I am very sorry for implying that Too Much Media was more successful than it really is. ICWT and I both regret the error.
Update #5:
The adult industry has begun the mis-information counter campaign (http://www.gfy.com/showthread.php?t=794889) in earnest. They really don’t want you to know about this, folks.
http://www.icwt.us/index.php/2007/12/23/tens-of-thousands-of-adult-website-records-compromised/
(http://www.icwt.us/)