Dynadot

alert Epik Had A Major Breach

Spaceship Spaceship
Watch

Silentptnr

Domains88.comTop Member
Impact
47,106
Last edited:
33
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
I agree with you if it's at the advice of law enforcement, but Epik's legal counsel has to be coming back at them as well, to make clear, "Look if we continue to wait, we can be sued big time, possibly out of business, Epik is not Google or Apple.

Yeah, this is a key point. We are not dealing with a company worth billions of dollars.
They have massive exposure, especially when it comes to the domain investing community.

It would be in their best interest to release some kind of update. It is not believable in my view that law enforcement would be stopping them from issuing a basic statement.

The longer it goes on, the worse it is going to get.

Brad
 
Last edited:
7
•••
They act like nothing happened or fake news. This tactics was chosen.
~3h ago I have received reply in my yesterday's ticket: As far as I'm aware, we are not being attacked by DDoS.
 
Last edited:
2
•••
Last edited:
8
•••
They act like nothing happened or fake news. This tactics was chosen.
~3h ago I have received reply in my yesterday's ticket:
As far as I'm aware, we are not being attacked by DDoS.

I think you're probably expecting a bit much from such a small company this early in the game. I'm not saying their response--or lack thereof--is reassuring, but it's par for the course. Most people involved probably don't even know the difference between a DDoS attack and a data breach.

That's not to excuse their lack of security or preparedness, but we've seen similar behavior in the industry from other, less controversial companies.
 
12
•••
I think you're probably expecting a bit much from such a small company this early in the game. I'm not saying their response--or lack thereof--is reassuring, but it's par for the course. Most people involved probably don't even know the difference between a DDoS attack and a data breach.

That's not to excuse their lack of security or preparedness, but we've seen similar behavior in the industry from other, less controversial companies.

When you are a small company with so much exposure to one community, it is normally in your best interest to say something.

No one is asking for some detailed analysis of every aspect of this hack. They just want some type of update, which I think is more than reasonable.

Brad
 
5
•••
I think you're probably expecting a bit much from such a small company this early in the game. I'm not saying their response--or lack thereof--is reassuring, but it's par for the course. Most people involved probably don't even know the difference between a DDoS attack and a data breach.

That's not to excuse their lack of security or preparedness, but we've seen similar behavior in the industry from other, less controversial companies.
Surely the decision makers in any company no matter what the size would be able to make an announcement no matter how small to show people they are working on it?
 
4
•••
Epik is innovative and innovation improves bottom line for the industry.
 
0
•••
So slowness from nothing...
Just overload from customers.

According to my previous tickets and LiveChat - DDoS events are not rare on Epik, and were always confirmed if any.
 
1
•••
Probably they are still investigating, and they can't make announcement if they don't know what exactly happened.
 
6
•••
When you are a small company with so much exposure to one community, it is normally in your best interest to say something.

Of course, but incident response is a tricky beast. It's overwhelming at best. Even the most prepared teams have to prioritize and end up making decisions that don't necessarily look great in hindsight.

There's always a human element, and as someone who's had experience being paged at 4 AM while on vacation because some random person decided that would be a great time launch an attack, I certainly empathize with what they're going through right now. Again, that's not to say I condone the silence or their security practices, but it's a tough situation to be in.

According to my previous tickets and LiveChat - DDoS events are not rare on Epik, and were always confirmed if any.

Keep in mind the actual attack in the spotlight here wasn't a DDoS attack, and it's important not to conflate the two. Denial of Service is just that: users have trouble accessing a service. It doesn't mean data has been leaked. That's not what appears to have happened here.

When enough real people visit a website, it has the same effect as a DDoS attack. If a lot of people are trying to log in right now, it will be indiscernible from the users' perspective: the site will slow down and fail to function properly. That's not an attack; that's just a side effect of everyone panicking.
 
9
•••
Were troubles...
Yesterday were even periods of up to 20 minutes, when Federated Identity login page didn't load at all.
 
Last edited:
1
•••
3
•••
@Paul Thanks for stepping up and letting us hear from your trusted perspective. There will be a lot of BS from both sides on this and hearing it from someone without an agenda helps.

Peace,
Kenny
 
10
•••
And I noticed these troubles even BEFORE this thread was started...
 
1
•••
That's not an article by an unbiased source. That's smear propaganda.
The Telegraph is a conservative newspaper - if you had said the Guardian.......maybe
 
1
•••
That's not an article by an unbiased source. That's smear propaganda.
Use Google...
This is just one publication from MANY sources...
 
1
•••
Let's not let this devolve into yet another flame war over Epik or politics. Given the circumstances, that would be entirely unfair to everyone involved. Notable sites in our industry have been getting hacked more and more often, regardless of their political alignment or lack thereof. Pointing fingers and debating motive does not help us move forward.

Moderators, please take note.
 
21
•••
Were there any reports that Masterbucks data was leaked?
 
5
•••
Were troubles...
Yesterday were even periods of up to 20 minutes, when Federated Identity login page didn't load at all.

I agree. I was changing some prices yesterday and every time it was taking like 20 sec to update the price, while before the change was in an instance, less than a second.
 
3
•••
1
•••
When enough real people visit a website, it has the same effect as a DDoS attack. If a lot of people are trying to log in right now, it will be indiscernible from the users' perspective: the site will slow down and fail to function properly. That's not an attack; that's just a side effect of everyone panicking.

Were troubles...
Yesterday were even periods of up to 20 minutes, when Federated Identity login page didn't load at all.

And I noticed these troubles even BEFORE this thread was started...
^
 
1
•••

It was on Hacker News yesterday, and probably on 4chan before that. Of course, it's possible there's also an ongoing DDoS attack, but it makes little practical difference.
 
2
•••
I have read they hacked it over the new Texas Abortion law .. as well as some of the domain sites that were allowed in .. or ALT Right people that use the hosting services or some shit like that … at any rate .. in the article I read it said they are going to release the data and whatever ..

I don’t care about name .. address .. phone number or any of that stuff getting out .. I would give all that out and not even care ..

So it’s all about financial info IMO .. credit .. debit card and ect .. I have been through a couple of data breach situations .. one of them I just waited to see if my CC would be used .. it was .. for two identical $500 purchases .. I got with the FBI after going through the fraud protocol with CC company .. the FBI located the person that made the charges on mine as well as others CC ..it was dark web shit and ended up resulting in 18 federal arrests
 
Last edited:
9
•••
So their BitMitigate is not ready even for Hacker News readers???
Sorry, but I can't comment anymore these theories.
 
1
•••
Sorry, but I can't comment anymore these theories.

I would hope that their login form is having trouble because they're using something more secure than MD5 for that system. Without getting too technical, the more secure your password storage solution, the more susceptible it is to being overloaded.
 
3
•••
Back