
alert Epik Had A Major Breach


Silentptnr

The views expressed on this page by users and staff are their own, not those of NamePros.
These people are as much “activists” as gorilla mask women that threw an egg at Larry Elder.

Samer
 
Calm down everybody.

At the moment we have some idiot/s posting that they have hacked Epik - but absolutely no proof of such.
Epik's continuing silence is more concerning than the claims. It's fueling speculation.

The fact that so many members here have been able to change passwords, alter/cancel payment methods, and institute 2 factor security seems to indicate that things are working normally.

If the incident is a data theft breach, then systems remain intact. They will continue to work normally. In many similar cases, the victim first knows about the attack when the attacker exposes the stolen data or announces the attack (sounds familiar?)
 
My people downloadin the data as we speak

Still call bluff.

P.S. No domains lost by epik. Still Zero! Nada

Samer
 
Who’s Financially Responsible for Cybersecurity Breaches?
by Kayla Matthews on September 17, 2019
As networks become less secure and the data stored on the cloud becomes more valuable, cybersecurity breaches are becoming both more expensive and more frequent. In the first six months of 2019 alone, data breaches compromised more than 4.1 billion records.

Cybersecurity experts and IT workers can’t prevent every breach, but in some cases, it’s clear the appropriate steps weren’t taken to protect data. The cost of the breaches raises the question: Who should pay when a customer’s data gets stolen?

What Does the Law Say?
The current legal framework regarding data breaches isn’t particularly detailed. Beyond laws requiring disclosure of data breaches to affected customers, there are only a few laws governing who is responsible for a data breach.

Under current law, the data owners—the firm or organization that is storing user data—are responsible for data breaches and will pay any fines or fees that are the result of legal action.

The data holder—the organization that provides the cloud storage service—can’t usually be legally implicated or held responsible. If a data breach occurs, the data holder must notify the data owner, but not much else beyond that.

A data owner’s level of liability depends on what safeguards it was taking to protect user data. Failing to control network access or not encrypting user data, for example, will make a data owner more liable for the damages caused by the breach. A data owner also can be held responsible for not informing affected customers soon after a breach occurs.

Most international laws governing data privacy and breaches are similar: Both Japan’s APPI and the EU’s GDPR require companies to take measures to defend customer data and notify customers in the case of a breach.

https://securityboulevard.com/2019/09/whos-financially-responsible-for-cybersecurity-breaches/
 
Epik's continuing silence is more concerning than the claims. It's fueling speculation.

The 'silence' is indeed annoying, but if at the advice of law enforcement or security then should Epik ignore such advice? I personally think not.


If the incident is a data theft breach, then systems remain intact. They will continue to work normally. In many similar cases, the victim first knows about the attack when the attacker exposes the stolen data or announces the attack (sounds familiar?)

But we are not in a situation of Epik not knowing of this supposed attack are we. Well before now certain actions to protect the system would have been implemented - but no change has been identified by anyone.
 

No they shouldn't. But I doubt law enforcement would advise against a "we are aware of this goddamn thing and we are looking into it" kind of statement. The absolute silence is what provokes suspicions, I think.
 
To be fair, some companies keep quiet about data breaches for years or never tell anyone. Pretty sure Facebook took ages to reveal the extent of theirs, but don't quote me on it. Not that that helps the situation...

I just assume every website has been hacked, it wouldn't stop me using a company. I'd even say that those companies that have been affected by this kind of thing are probably going to be even more careful afterwards if there are issues.

Put your phone number or email into https://haveibeenpwned.com/ and prepare to be horrified.
 

I agree with you if it's at the advice of law enforcement, but Epik's legal counsel has to be coming back at them as well, to make clear, "Look if we continue to wait, we can be sued big time, possibly out of business, Epik is not Google or Apple."

A data owner’s level of liability depends on what safeguards it was taking to protect user data. Failing to control network access or not encrypting user data, for example, will make a data owner more liable for the damages caused by the breach. A data owner also can be held responsible for not informing affected customers soon after a breach occurs.

As someone else pointed out a good lawyer can show damages to each person with names on Epik landing page who believes a lack of trust has harmed his or her ability to make sales at Epik or as a result of Epik landing pages.

This is getting very complicated. Because if that data was not encrypted?
 
To be fair, some companies keep quiet about data breaches for years or never tell anyone. Pretty sure Facebook took ages to reveal the extent of theirs, but don't quote me on it. Not that that helps the situation...

I just assume every website has been hacked, it wouldn't stop me using a company. I'd even say that those companies that have been affected by this kind of thing are probably going to be even more careful afterwards if there are issues.

Put your phone number or email into https://haveibeenpwned.com/ and prepare to be horrified.

Facebook, Inc. will pay a record-breaking $5 billion penalty, and submit to new restrictions and a modified corporate structure that will hold the company accountable for the decisions it makes about its users’ privacy, to settle Federal Trade Commission charges that the company violated a 2012 FTC order by deceiving users about their ability to control the privacy of their personal information.
 
The year 2019 has already seen organizations slammed with sizable fines and settlements for security incidents or misusing customers’ information. Ever since GDPR was launched, data regulators are getting more serious about companies that are not serious about consumer data protection.

According to a report from IBM, the average cost of a data breach has increased to US$ 3.92 million, which is a 1.6 percent increase in costs in 2018 and a 12 percent rise over the last five years.

Cyber-attacks, data thefts, weak security, mistakes, and cover-ups have cost these companies a huge fortune.


https://cisomag.eccouncil.org/6-times-data-regulators-churned-out-high-penalties-in-2019/
 
If fake attack - why slowness yesterday?
I don't believe: that their platform is so weak in terms of load, where even own customers can affect it...
 
Facebook, Inc. will pay a record-breaking $5 billion penalty, and submit to new restrictions and a modified corporate structure that will hold the company accountable for the decisions it makes about its users’ privacy, to settle Federal Trade Commission charges that the company violated a 2012 FTC order by deceiving users about their ability to control the privacy of their personal information.
Facebook made $100B profit.
 
Now Wikipedia updated it

Alleged hack
The hacktivist group Anonymous claimed in a September 13, 2021 press release that they had gained access to "a decade's worth of data" belonging to Epik that included domain registration and transfer details, passwords, all of Epik's customers' account credentials, logins, and payment history.[22] The Distributed Denial of Secrets (DDoSecrets) organization announced later that day that they were working to curate the allegedly leaked data for public download, and said that it consisted of "180 gigabytes of user, registration, forwarding and other information".[23]

Epik's CEO wrote on Twitter that the alleged hack was a "non-story" and a "nothingburger",[22] and the company subsequently told Gizmodo they were "not aware of any breach".[23]

https://en.wikipedia.org/wiki/Epik_(company)
 
Facebook made $100B profit.

Yeah that's fantastic we are talking about companies and their responsibilities and getting sued over data breaches. Epik did not make $100B
 
They (persons behind the (supposedly) #ak) are running a guerrilla type of campaign. Nothing yet about DB, still hanging in the air. Because there is something that it is like to be fake news ... I'm going to stay on the "E is not #aked" side for now.

Another thing ... for about 10 min the Lolz did this .... archive.today

epkahv.jpg


fake (level 1 engineering)

11111.jpg
 
Now Wikipedia updated it

Alleged hack
The hacktivist group Anonymous claimed in a September 13, 2021 press release that they had gained access to "a decade's worth of data" belonging to Epik that included domain registration and transfer details, passwords, all of Epik's customers' account credentials, logins, and payment history.[22] The Distributed Denial of Secrets (DDoSecrets) organization announced later that day that they were working to curate the allegedly leaked data for public download, and said that it consisted of "180 gigabytes of user, registration, forwarding and other information".[23]

Epik's CEO wrote on Twitter that the alleged hack was a "non-story" and a "nothingburger",[22] and the company subsequently told Gizmodo they were "not aware of any breach".[23]

https://en.wikipedia.org/wiki/Epik_(company)
Wikipedia is having wet dreams on it —This company has the worst bias against em

There is no oversight of epik’s page;
it’s hijacked by activists…
 
Another thing ... for about 10 min the Lolz did this .... archive.today
How did they manage to get archive.today to archive a page that didn't exist? Or did it exist?
 
So nobody with Gigabit connection to download this torrent and to check it? Fake or real data...
 
Data Breach vs. Cyber Liability Insurance: Is there a Difference?


If you’ve ever looked into protecting your business from cyberattacks, you have probably heard the terms data breach insurance and cyber liability insurance. Since they are often used interchangeably, many tend to confuse the two.

Is there actually a difference? Yes. Simply put, cyber liability insurance covers monetary losses from a breach AND provides legal protection. Data breach insurance only protects your financial interest.

Let’s take a deeper look at each type of coverage to get a clear understanding of the differences between the two. We’ll also discuss what you should consider when looking for protection against a cyberattack.

https://www.dhia.com/blog/data-breach-vs-cyber-liability-insurance-is-there-a-difference/
 
I would really like to hear from who I think are the two of the top smartest people on these topics on this forum, @Paul @Michael
 
How did they manage to get archive.today to archive a page that didn't exist? Or did it exist?

My CS team confirmed, - it is known that the Archive (is) is being used as a disinfo hub for .... years. The easiest way was/is to manipulate screenshot metadata (f.e. jpg/png source code) but also there's injecting the fw code (no further info) ...
 

Still hanging on 5.8% ... for hours. The examples don't look like there's something "important". You can easily collect SSH, DNSSEC and other public keys and in-out dn transfer/movement data. That's mostly "good-natured" data.
 