GMBill.com CEO Responds to 'Plaintext Passwords' Tweet

SAN FRANCISCO — A tweet by an adult industry journalist spread like wildfire last week, bringing mild hysteria to message boards.

The tweet made by Violet Blue said: “One of the top adult affiliate credit card processing payout companies is storing passwords in plaintext.”

On Saturday, Blue confided to XBIZ that the top affiliate processor discussed in the tweet was GMBill.com.

“All the passwords are stored in plaintext on the server and in user accounts,” she said.

Blue went on to discuss another concern: “They only do payouts via wire transfer/EFT, and so that means everyone's bank account credentials are 99 percent likely to be stored in plaintext on the server too.”

“One not-terribly-clever hacker could do a lot of damage with tools readily available online,” she emphasized to XBIZ.

Sunday morning, GMBill’s CEO and founder, Garion Hall — also CEO and founder of AbbyWinters.com — responded to Blue’s tweet over visible plaintext passwords.

“[Blue] is incorrect,” Hall told XBIZ. “All passwords are stored encrypted but are decrypted when the user logs in — for example, once a user successfully authenticates and logs in, their password is decrypted.” Hall continued saying that the process “is widely considered an effective security practice.

“GMBill.com acknowledges the practice of showing users their passwords on-screen is falling out of favor — due to the risk of ‘shoulder surfing’ or a malicious user accessing browser cache), but is still common practice,” he said.

Hall noted he could come up with numerous examples over this but pointed to iCloud as one.

“For example, Apple’s Keychain also shows users passwords of sites and networks they have access to, after entering their admin password,” he said. “This is considered low risk, as at most it affects a single user.”  

Hall also addressed Blue’s accusation that affiliate’s EFT, or wire, bank account details are at risk.

“These are the same details every company places on invoices and some websites to customers,” Hall said. “Access is secured through standard security practices; by taint checking of all database inputs, all code being encrypted — including database access credentials — and fine-grained privilege separation for database user accounts.

“However, we have taken these accusations as a reminder that security never sleeps,” he said. “We have added velocity controls to the affiliate login process, blanked previously visible passwords, and even-more-thoroughly encrypted affiliate bank details. These changes will be released to production servers as a priority.”

Hall emphasized to XBIZ that there was no breach at GMBill; he also said he invites concerned parties to direct specific questions to him at garion@gmbill.com.

“GMBill.com conducts regular log scans to identify suspicious activity and has undertaken an especially close look in light of these accusations. We confirm there has been no breach of our security systems, no affiliate, client or customer data has been accessed by unauthorized parties, and all security measures in place continue to function appropriately.”

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Adult Networking Platform SpicyGigs.com Launches

SpicyGigs, a new adult industry networking platform, has officially launched.

Pineapple Support to Host 'Cream Pie Challenge' Fundraiser

Pineapple Support is hosting its Cream Pie Challenge through August to raise funds for mental health services for industry performers.

Kyrgyzstan President Signs Measure Outlawing Internet Porn

President Sadyr Japarov of Kyrgyzstan on Tuesday signed into law legislation outlawing online adult content in the country.

NC Legislature Overrides Veto of Extreme Anti-Adult Industry Bill

The North Carolina state legislature on Tuesday voted to override Gov. Josh Stein’s veto of a bill imposing regulations that industry observers have warned could push adult websites and platforms to ban most creators and content.

Report: VPN Downloads Soar in UK Following Age Verification Deadline

Virtual private network apps, which can be used to circumvent geo-specific age verification requirements, are topping Apple App Store downloads in the U.K. in the wake of new Online Safety Act rules, the BBC is reporting.

Strike 3 Holdings Sues Meta for Pirating Vixen Media Group Content to Train AI

Vixen Media Group owner Strike 3 Holdings filed suit in federal court this week, accusing Facebook parent company Meta of copyright infringement and alleging that Meta has extensively pirated VMG content to train its artificial intelligence models.

Pineapple Support, Streamate to Host 'Navigating Grief and Loss' Support Group

Pineapple Support and Streamate are hosting a free online support group to help performers cope with grief and loss.

Friday is Final AV Compliance Deadline in UK

Friday, July 25 marks U.K. media regulator Ofcom’s deadline for user-to-user services such as tube, cam and fan sites to implement its requisite “highly effective age assurance” measures for preventing minors from viewing adult content.

AEBN Publishes Popular Searches for May, June

AEBN has released the top search terms for the months of May and June from its straight and gay theaters in all 50 states and the District of Columbia.

Ofcom Releases Transparency Reporting Guidelines

Ofcom, the U.K. media regulator, has made public its official guidance detailing how online service providers — including adult sites — will be required to publish annual transparency reports on their efforts to protect children from online harms.

Show More