[ISN] Porn industry frets over security breach

From: InfoSec News (alerts@private)
Date: Fri Dec 28 2007 - 01:26:09 PST


http://www.dailynews.com/ci_7816784

By Lisa Friedman
Washington Bureau
LA Daily News
12/27/2007

WASHINGTON - A New Jersey company that helps run thousands of 
pornography Web sites acknowledged a major security breach Wednesday, 
sparking widespread concern in the adult-entertainment industry that 
consumers' personal data could be endangered.

According to industry chat boards that have been buzzing about the 
problem, the violation so far appears to be limited to e-mail addresses, 
with an avalanche of spam e-mail hitting Web site customers' inboxes - 
including unique addresses created for joining specific porn sites.

John Albright, owner of the Too Much Media Corp., said in a statement 
Wednesday that no credit-card information was affected by the October 
incident.

Officials with both Visa and MasterCard said they were unaware Wednesday 
of any problems in connection with the company.

"An investigation is under way as to the cause and level of the security 
breach," Albright said in the statement. "TMM intends to prosecute to 
the fullest extent possible anyone responsible for any breach of its 
servers and programs."

But many in the adult industry - based heavily in the San Fernando 
Valley - said the breach could unravel hard-fought attempts to change 
the longtime perception that the industry is shady.

"The adult industry has worked for a long time to become an industry 
that can be trusted with personal information," said Kathee Brewer, 
former editor of AVN Online, the trade journal of the digital 
adult-entertainment industry.

When customer information is leaked - even if it is only e-mail 
addresses - Brewer said, "consumers begin to back away because they 
don't trust the industry anymore. All it takes is one issue like this."

Phone calls and e-mails to Albright to discuss details of the breach 
were not returned this week.

It remains unclear how much information may have been accessed and how 
the incident began.

But industry insiders and companies that use Too Much Media Corp. 
software said they have been aware since October that some customer 
lists belonging to porn-site networks had been stolen. They estimated 
that the number of victims could be in the hundreds of thousands.

"You can imagine the backlash," said Ilan Michan, owner of Woodland 
Hills-based OC-3 Networks, a Web-hosting company that Michan said 
handles about 40percent of all adult-entertainment Web sites and first 
discovered the problem in October.

Michan said employees during a monthly security check noticed that the 
same IP address was repeatedly trying to access his software.

Michan said the company determined that someone had accessed the user 
name and password assigned to the Too Much Media software.

That program - known as NATS for Next-Generation Administration and 
Tracking Software - is primarily used by Internet porn-site networks to 
track activity on the hundreds of thousands of advertisers that send 
traffic to their Web pages.

Advertisers, known as affiliates, also use the software to check their 
own sales and traffic. About 500 affiliate networks - approximately 
one-third of the industry - use the software.

In his statement Wednesday, Albright did not address what steps the 
company took to inform people of the breach and possible loss of 
personal information, as it is required to do under New Jersey law.

"It's a big deal for them. A lot of people went with this software 
because it's supposed to be safe and secure. It makes the industry look 
bad," said Christian Amico, director of operations with Atlas Multimedia 
Inc., a San Fernando Valley firm that builds adult-entertainment Web 
sites.

While there have been no reports of identity theft, many said the fact 
that names, e-mail addresses and the types of fetishes people enjoy 
might be floating around the Internet is worrisome.

"Consumer confidence is shot because of this," said Jason Tucker, 
president of San Fernando Valley-based Falcon Foto, which he described 
as the "world's largest erotic library."

"The industry has worked so hard in the last five years alone to make 
people understand that this is a real business and we operate like a 
real business," Tucker said.

"When something like this happens, consumer confidence in the adult 
business drops and we're all going to suffer because of it."

Copyright 2007 Los Angeles Newspaper Group


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/



This archive was generated by hypermail 2.1.3 : Fri Dec 28 2007 - 01:43:22 PST