Epik Had A Major Breach

Silentptnr

The views expressed on this page by users and staff are their own, not those of NamePros.
Yeah, tried to watch it earlier but it made me cringe so much. I seriously feel for Rob. He's not a bad guy but there's no reasoning with the lowlifes in that chat.

No matter what side you're on, when you go dark, you join the lowlife club imo.

I understand the drive and the willingness to sail the E in a sort of "the redemption-house" type registrar. Where do you think the E is headed in the next 5 years?
 
•••
I understand the drive and the willingness to sail the E in a sort of the redemption-house type registrar. Where do you think the E is headed in the next 5 years?

Interesting question. Let's hope E does not follow the "Cyberbunker" route. It didn't end well for them.
 
•••
Andrew Alan Escher Auernheimer, aka "weev" the swastika tattooed guy in the video call, is a notorious internet troll who's taking pleasure in zoombombing lately. I think Rob handled him well, e.g. 23:23 .. "are you like personally about this or are you like just feeding this polarity because somebody pays you?"
From Rob's reaction when he first saw him in the call, probably he wasn't aware who he is dealing with.

Auernheimer's tattoo was part of his troll campaign to promote himself and discredit the Weev app. He ends up acquiring Weev.net which he interprets as a major success. In his own writing (https://archive.fo/cqtLD)
Pagerank is More Powerful Than Trademark: How I Killed a Multimillion Dollar Company with Swastika Memes
When I dropped my swastika tattoo along with a fiery essay on The Daily Stormer, dozens of celebrities were talking about Weev the video chat app on TV. Unfortunately for them, TV spots don’t really translate to many page results or backlinks. Everyone who googled weev as a result immediately afterwards was greeted with a Google News thumbnail of weev the mad eyed white supremacist hacker with a 4.5 inch swastika tattoo. Normies freaked out in spades. It was the single most impactful thing I had ever done, creating far more buzz than a well publicized Constitutional case, wrongful imprisonment, and appeal.
I would delay every troll operation I wanted to do until they were spending serious money and resources to try to dig themselves out of a pagerank hole. Whenever they would drop deep into the second page of Google results (where they might as well not even exist) they would try to do another press push and garner backlinks. I responded each time by doing something way bigger and more notable than whatever shitty press they managed to get, like internationally syndicated news about using targeted white nationalist Twitter ads, or garnering thousands of news articles and dozens of TV spots by printing swastikas to tens of thousands of other people’s printers across the anglosphere.

New York Times wrote about him in 2008
Weev, the troll who thought hacking the epilepsy site was immoral, is legendary among trolls. He is said to have jammed the cellphones of daughters of C.E.O.’s and demanded ransom from their fathers; he is also said to have trashed his enemies’ credit ratings. Better documented are his repeated assaults on LiveJournal, an online diary site where he himself maintains a personal blog. Working with a group of fellow hackers and trolls, he once obtained access to thousands of user accounts. …

Vice, in 2015

Hacker 'Weev' Threatens to Dox 'Dozens' of Prosecutors after Keys Conviction
A day after the former Reuters journalist Matthew Keys was convicted for hacking crimes, Auernheimer detailed his plot to punish the US government for "wrongfully" prosecuting hackers, including him, in an email he sent to the two prosecutors who worked on his case, which he forwarded to reporters and the leaking site Cryptome on Thursday.

And so on...
 
•••
Andrew Alan Escher Auernheimer, aka "weev" the swastika tattooed guy in the video call, is a notorious internet troll who's taking pleasure in zoombombing lately. I think Rob handled him well, e.g. 23:23 .. "are you like personally about this or are you like just feeding this polarity because somebody pays you?"
From Rob's reaction when he first saw him in the call, probably he wasn't aware who he is dealing with.

Auernheimer's tattoo was part of his troll campaign to promote himself and discredit the Weev app. He ends up acquiring Weev.net which he interprets as a major success. In his own writing (https://archive.fo/cqtLD)
Pagerank is More Powerful Than Trademark: How I Killed a Multimillion Dollar Company with Swastika Memes
When I dropped my swastika tattoo along with a fiery essay on The Daily Stormer, dozens of celebrities were talking about Weev the video chat app on TV. Unfortunately for them, TV spots don’t really translate to many page results or backlinks. Everyone who googled weev as a result immediately afterwards was greeted with a Google News thumbnail of weev the mad eyed white supremacist hacker with a 4.5 inch swastika tattoo. Normies freaked out in spades. It was the single most impactful thing I had ever done, creating far more buzz than a well publicized Constitutional case, wrongful imprisonment, and appeal.
I would delay every troll operation I wanted to do until they were spending serious money and resources to try to dig themselves out of a pagerank hole. Whenever they would drop deep into the second page of Google results (where they might as well not even exist) they would try to do another press push and garner backlinks. I responded each time by doing something way bigger and more notable than whatever shitty press they managed to get, like internationally syndicated news about using targeted white nationalist Twitter ads, or garnering thousands of news articles and dozens of TV spots by printing swastikas to tens of thousands of other people’s printers across the anglosphere.

New York Times wrote about him in 2008
Weev, the troll who thought hacking the epilepsy site was immoral, is legendary among trolls. He is said to have jammed the cellphones of daughters of C.E.O.’s and demanded ransom from their fathers; he is also said to have trashed his enemies’ credit ratings. Better documented are his repeated assaults on LiveJournal, an online diary site where he himself maintains a personal blog. Working with a group of fellow hackers and trolls, he once obtained access to thousands of user accounts. …

Vice, in 2015

Hacker 'Weev' Threatens to Dox 'Dozens' of Prosecutors after Keys Conviction
A day after the former Reuters journalist Matthew Keys was convicted for hacking crimes, Auernheimer detailed his plot to punish the US government for "wrongfully" prosecuting hackers, including him, in an email he sent to the two prosecutors who worked on his case, which he forwarded to reporters and the leaking site Cryptome on Thursday.

And so on...

Short version... Lowlife alert :)
 
•••
Where do you think the E is headed in the next 5 years?

Now that's a good question and imo it totally depends on how they handle stuff from this point on. Even without this hack I never had much hope for them to survive, that being said, if they drop the attitude, stop to accommodate the naysayers and just position themselves as the "we don't give a fuck" registrar I give them a fair chance to survive as a small registrar accommodating those looking for a safe haven.
 
•••
Epik is already associated with Cyberbunker.

https://frankensaurus.com/CyberBunker

I have asked myself for years now … why do people join or participate in websites and forums that pertain to venting posts about hating people or doing people harm .. I mean .. yes … they are speaking to people who engage in the same things as they do .. but ultimately .. they are talking to their wall .. and then in some cases some of these people have actually acted on their hate .. at the end of the day it achieves what ?? Makes them feel better or entertains and fulfills their appetite for their beliefs of hatred or harm to the people they despise??

Some things are pointless .. these types of websites and forums actually serve no purpose at all IMO
 
•••
Now that's a good question and imo it totally depends on how they handle stuff from this point on. Even without this hack I never had much hope for them to survive, that being said, if they drop the attitude, stop to accommodate the naysayers and just position themselves as the "we don't give a fuck" registrar I give them a fair chance to survive as a small registrar accommodating those looking for a safe haven.

My prediction: After this, a capital injection will be used to expand the E ecosystem operation.
 
•••
Now that's a good question and imo it totally depends on how they handle stuff from this point on. Even without this hack I never had much hope for them to survive, that being said, if they drop the attitude, stop to accommodate the naysayers and just position themselves as the "we don't give a fuck" registrar I give them a fair chance to survive as a small registrar accommodating those looking for a safe haven.

Real safe haven...have you checked the dox on twitter? He exposed all of these people (Thank you God / Allah / Yahweh).
 
•••
I have asked myself for years now … why do people join or participate in websites and forums that pertain to venting posts about hating people or doing people harm .. I mean .. yes … they are speaking to people who engage in the same things as they do .. but ultimately .. they are talking to their wall .. and then in some cases some of these people have actually acted on their hate .. at the end of the day it achieves what ?? Makes them feel better or entertains and fulfills their appetite for their beliefs of hatred or harm to the people they despise??

Some things are pointless .. these types of websites and forums actually serve no purpose at all IMO

imo ... freedom of speech can affect everyone’s right to freedom of expression. It's complicated - whoever runs the freedom of speech brainstorm should come with a few more ideas...
 
•••
Real safe haven...have you checked the dox on twitter? He exposed all of these people (Thank you God / Allah / Yahweh).

Yeah, obviously it doesn't work out the way they handle things ATM. I mean, drop politics, domainers, making the world a better place and concentrate on the core business. Facilitating domain registrations. Don't draw attention, just deliver a superb user experience. Ignore any media attention. That's the way to go. Imo. If... You want to continue to cater to a certain niche.
 
•••
imo ... freedom of speech can affect everyone’s right to freedom of expression. It's complicated - whoever runs the freedom of speech brainstorm should come with a few more ideas...

it is very complicated in this day and time .. I support 1A as much as anyone … yet at the same time .. I do not support such sites that promote hate speech .. Harm and the likes of .. I can not support hate and harm .. no matter my political affiliation or whatever the case may be
 
•••
Real safe haven...have you checked the dox on twitter? He exposed all of these people (Thank you God / Allah / Yahweh).

but just some dialogue between you and I .. if it were your letter .. and you ended it with whomever you believe in or whatever the case may be that you chose to end your letter in … should I be offended or insulted ?? It’s your letter you composed
 
•••
Sadly it's okay in this day to attack people for their views. Especially if those views are pro-religion or pro-conservative. Almost everyone else gets a pass to say the craziest stuff imaginable. The Right are being publicly persecuted. Rob does believe it's part of his mission to fight back. Maybe that's not a great way to run a business but I think people should respect his beliefs. I don't think he should be attacked for having conviction. If you don't want to use Epik, then don't.

I have domains at Epik. I have no actual personal data exposed. I pay with crypto. I use a voip phone number. My address is already public. But for now I have logged in and changed my credentials.
 
•••
Yeah, tried to watch it earlier but it made me cringe so much. I seriously feel for Rob. He's not a bad guy but there's no reasoning with the lowlifes in that chat.

No matter what side you're on, when you go dark, you join the lowlife club imo.

He should have listened to his lawyers.
 
•••
The news is too big on the Internet so I think they (Epik) will be down for years to come. Some said "I will keep using them" but you need to realize that the buyers will not like the names to be with them. They don't care if you like them or not.
With all the bad information: plain text data, old and out of date software, cheap and unqualified employees - I am not sure how long they will survive.
The big problem now is for members who have hundreds or thousands of names with them it's not easy to transfer them out as they cost too much.
Rule #1 in IT - Don't hand your security matters to the ones that you don't know well.
 
•••
Just now, on another platform, someone has reported that they have been emailed their own credit card number. Actually both their own credit card number and their partner's credit card number..
 
•••
The news is too big on the Internet so I think they (Epik) will be down for years to come. Some said "I will keep using them" but you need to realize that the buyers will not like the names to be with them. They don't care if you like them or not.
With all the bad information: plain text data, old and out of date software, cheap and unqualified employees - I am not sure how long they will survive.
The big problem now is for members who have hundreds or thousands of names with them it's not easy to transfer them out as they cost too much.
Rule #1 in IT - Don't hand your security matters to the ones that you don't know well.

Say that is to say a lot...


What is left, what is far right. I'm left wing, Epik is right wing.
There is a deepstate which appears as right wing (as in case of Hitler, Bush), or left wing (Obama, Biden, Clinton). There is no difference between those. I'm on Epik's side, except for religion. I'm not religious, but this doesn't mean I'm not spiritual. For example I might be interacting with ETs without being aware of it. And vaxed people might be interacting with AI grid/cloud without being aware of it.
Hitler didn't lose, he won, his daughter Angela is at the top of Germany, but his team is losing now.

If you believe that Hitler was from the right side, you have been influenced by the manipulation for the left side..
 
•••
Just now, on another platform, someone has reported that they have been emailed their own credit card number. Actually both their own credit card number and their partner's credit card number..

If this statement is true, then there is a major breach somewhere...
 
•••
General observations re. credit cards used on Epik. Yeah, if you used it at Epik (and/or have it stored) - cancel it. Ask your bank also to add it to "stop list" as an extra security measure (delayed or offline authorizations or charges may still be possible).

Other registrars _may_ accept something like a correct answer to "what are the last 4 digits of your CC" question as a way to verify who the customer is in case of let's say incoming phone calls - So, remove this CC from other registrars.

Switching to one time virtual cards is a good idea. If it is unavailable at your bank (or your country) - then you may switch to debit cards (would be harder to spend a lot of your $$$ in case of potential future hacks - no credit line), or to prepaid gift cards. If virtual cards are unavailable - most banks would be happy to issue extra cards (linked to the same account), so, at least: one card for "registrar A" exclusively, another card for "drop catcher B" exclusively, etc, etc, etc. Should either be hacked - you'll have to cancel just the 1 card used with this service only. Do not maintain a large balance, just what is necessary for daily needs.

At this time, however, I'd avoid using any type of debit or credit cards with Epik (except, possibly, 1 time virtual cards).

Not only different passwords - but also different usernames, and different emails - at least for critical services you use daily. Checking a lot of webmail inboxes may not be convenient though - so, consider a pop3/imap client (but, it will decrease the security as there is no 2FA in imap and pop3). Stop using windows (any version). Mac - maybe, but as a temporary solution only. Linux workstation appears to be the best at this time. Do not try Ubuntu though (they are becoming less and less trusted/secure). The last Debian should be OK.

Sorry, too offtopic already. Maybe @Paul can start a separate sticky thread with all the relevant recommendations (and his final findings!) in light of Epik breach... and move the related posts from this thread to it
 
•••
Monster seems to be MIA from this thread. He has all the time in the world to shill crappy domains to newbies on the hyphens are awesome thread but can't grace us with his presence on this important thread.
 
•••
Rob does believe it's part of his mission to fight back.


He fights too long against dragons and then becomes a dragon himself :hungover:
 
•••
The password for an admin account was 123.

I posted a screen shot originally but I don't want to be accused of posting any docs.

Wildly incompetent stuff.

Dragons don't exist, kam.
 
•••
NamePros observed a credential stuffing attack beginning around 7:59 PM EDT (UTC-4). On-call NamePros staff were paged around 8:01 PM EDT. I responded. I reviewed recent logins and manually flagged two as suspicious, which logged the users out and forced a password reset. The users will be notified of the reason upon resetting their passwords. The majority of the login attempts were blocked when our system detected an unusual number of failed login attempts and began captcha'ing all logins.

As a precaution, I manually enabled Cloudflare captchas for all logins instead of the usual captchas to ensure that nothing slips through the cracks. We plan to keep it enabled overnight.

At least some of the usernames attempted appear to be in the Epik breach, although that could easily be a coincidence--it's a small industry, after all. The attacker is one we've seen before, and we don't believe they have any affiliation with the Epik breach, though it's certainly possible they've added that data to their list of usernames and passwords.

The attack does not appear to have been successful. The attacker appears to have grown frustrated and attempted to register a new account when they weren't able to compromise existing accounts. The new account was flagged for review and closed.

We're still assessing the situation and trying to determine the best way to secure accounts that appear in the Epik breach. We don't have definitive plans yet.
 
•••
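The response described in the post above (an unusual number of failed logins switching captchas on for every login, and suspicious successful logins being flagged for logout and a forced password reset), sketched as an added example that is not NamePros code or part of the original post. The thresholds, the per-source heuristic, the `LoginMonitor` name and the sample events are all assumptions constructed for illustration.

```python
from collections import deque

# Constructed sample events: (epoch_seconds, source_ip, username, success).
SAMPLE_EVENTS = [
    (0,   "198.51.100.20", "frank", False),  # ordinary typo
    (5,   "198.51.100.20", "frank", True),
    (60,  "203.0.113.7",   "alice", False),  # one source, many usernames
    (61,  "203.0.113.7",   "bob",   False),
    (62,  "203.0.113.7",   "carol", False),
    (63,  "203.0.113.7",   "erin",  True),   # a reused password that worked
    (64,  "203.0.113.7",   "dave",  False),
    (65,  "203.0.113.7",   "grace", False),
    (400, "198.51.100.20", "frank", True),
]


class LoginMonitor:
    """Sliding-window login monitor; every threshold is an assumed value."""

    def __init__(self, window=120, fail_threshold=5, distinct_users=3):
        self.window = window                  # seconds of history kept
        self.fail_threshold = fail_threshold  # site-wide failures that trip captcha
        self.distinct_users = distinct_users  # other accounts failed from one source
        self.failures = deque()               # (ts, ip, user) inside the window
        self.captcha_since = None             # latched until an operator clears it
        self.flagged = []                     # accounts to log out and force-reset

    def observe(self, ts, ip, user, success):
        # Drop failures that have aged out of the window.
        while self.failures and self.failures[0][0] <= ts - self.window:
            self.failures.popleft()
        if not success:
            self.failures.append((ts, ip, user))
            if self.captcha_since is None and len(self.failures) >= self.fail_threshold:
                self.captcha_since = ts
            return "failed"
        # A success from a source that just failed against several *other*
        # accounts looks like a stuffed credential, not a returning user.
        others = {u for _, fip, u in self.failures if fip == ip and u != user}
        if len(others) >= self.distinct_users:
            self.flagged.append(user)
            return "flag_and_reset"
        return "ok"


def replay(events):
    """Feed events in time order; return the monitor and per-event outcomes."""
    monitor = LoginMonitor()
    outcomes = [monitor.observe(*event) for event in events]
    return monitor, outcomes


if __name__ == "__main__":
    monitor, outcomes = replay(SAMPLE_EVENTS)
    print("captcha for all logins since t =", monitor.captcha_since)
    print("accounts flagged for forced reset:", monitor.flagged)
```

The site-wide failure count is the trigger that still works when attempts are spread over many source addresses; the per-source check only catches the simpler single-source case.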
NamePros observed a credential stuffing attack beginning around 7:59 PM EDT (UTC-4). On-call NamePros staff were paged around 8:01 PM EDT. I responded. I reviewed recent logins and manually flagged two as suspicious, which logged the users out and forced a password reset. The users will be notified of the reason upon resetting their passwords. The majority of the login attempts were blocked when our system detected an unusual number of failed login attempts and began captcha'ing all logins.

As a precaution, I manually enabled Cloudflare captchas for all logins instead of the usual captchas to ensure that nothing slips through the cracks. We plan to keep it enabled overnight.

At least some of the usernames attempted appear to be in the Epik breach, although that could easily be a coincidence--it's a small industry, after all. The attacker is one we've seen before, and we don't believe they have any affiliation with the Epik breach, though it's certainly possible they've added that data to their list of usernames and passwords.

The attack does not appear to have been successful. The attacker appears to have grown frustrated and attempted to register a new account when they weren't able to compromise existing accounts. The new account was flagged for review and closed.

We're still assessing the situation and trying to determine the best way to secure accounts that appear in the Epik breach. We don't have definitive plans yet.

That's bad / good that you are on top of it, Paul. Great work all-around on this.

Just to throw this out there, probably unrelated, I had some residue from the b*tc**n forum hack come back about 2-3 weeks ago. You mentioned some login activity possibly from a few weeks ago earlier in the thread, and it's plausible many members here would be members there. Just wanted to share that anecdotal piece of experience.

Best of luck containing this.
 