Security News > 2007 > December > Porn industry frets over security breach
http://www.dailynews.com/ci_7816784 By Lisa Friedman Washington Bureau LA Daily News 12/27/2007 WASHINGTON - A New Jersey company that helps run thousands of pornography Web sites acknowledged a major security breach Wednesday, sparking widespread concern in the adult-entertainment industry that consumers' personal data could be endangered. According to industry chat boards that have been buzzing about the problem, the violation so far appears to be limited to e-mail addresses, with an avalanche of spam e-mail hitting Web site customers' inboxes - including unique addresses created for joining specific porn sites. John Albright, owner of the Too Much Media Corp., said in a statement Wednesday that no credit-card information was affected by the October incident. Officials with both Visa and MasterCard said they were unaware Wednesday of any problems in connection with the company. "An investigation is under way as to the cause and level of the security breach," Albright said in the statement. "TMM intends to prosecute to the fullest extent possible anyone responsible for any breach of its servers and programs." But many in the adult industry - based heavily in the San Fernando Valley - said the breach could unravel hard-fought attempts to change the longtime perception that the industry is shady. "The adult industry has worked for a long time to become an industry that can be trusted with personal information," said Kathee Brewer, former editor of AVN Online, the trade journal of the digital adult-entertainment industry. When customer information is leaked - even if it is only e-mail addresses - Brewer said, "consumers begin to back away because they don't trust the industry anymore. All it takes is one issue like this." Phone calls and e-mails to Albright to discuss details of the breach were not returned this week. It remains unclear how much information may have been accessed and how the incident began. But industry insiders and companies that use Too Much Media Corp. software said they have been aware since October that some customer lists belonging to porn-site networks had been stolen. They estimated that the number of victims could be in the hundreds of thousands. "You can imagine the backlash," said Ilan Michan, owner of Woodland Hills-based OC-3 Networks, a Web-hosting company that Michan said handles about 40percent of all adult-entertainment Web sites and first discovered the problem in October. Michan said employees during a monthly security check noticed that the same IP address was repeatedly trying to access his software. Michan said the company determined that someone had accessed the user name and password assigned to the Too Much Media software. That program - known as NATS for Next-Generation Administration and Tracking Software - is primarily used by Internet porn-site networks to track activity on the hundreds of thousands of advertisers that send traffic to their Web pages. Advertisers, known as affiliates, also use the software to check their own sales and traffic. About 500 affiliate networks - approximately one-third of the industry - use the software. In his statement Wednesday, Albright did not address what steps the company took to inform people of the breach and possible loss of personal information, as it is required to do under New Jersey law. "It's a big deal for them. A lot of people went with this software because it's supposed to be safe and secure. It makes the industry look bad," said Christian Amico, director of operations with Atlas Multimedia Inc., a San Fernando Valley firm that builds adult-entertainment Web sites. While there have been no reports of identity theft, many said the fact that names, e-mail addresses and the types of fetishes people enjoy might be floating around the Internet is worrisome. "Consumer confidence is shot because of this," said Jason Tucker, president of San Fernando Valley-based Falcon Foto, which he described as the "world's largest erotic library." "The industry has worked so hard in the last five years alone to make people understand that this is a real business and we operate like a real business," Tucker said. "When something like this happens, consumer confidence in the adult business drops and we're all going to suffer because of it." Copyright 2007 Los Angeles Newspaper Group __________________________________________________________________ Visit InfoSec News http://www.infosecnews.org/