
alert Epik Had A Major Breach


Silentptnr

The views expressed on this page by users and staff are their own, not those of NamePros.
NamePros observed a credential stuffing attack beginning around 7:59 PM EDT (UTC-4).
Other industry companies (registrars to begin with) will likely see the same...
 
We're still assessing the situation and trying to determine the best way to secure accounts that appear in the Epik breach. We don't have definitive plans yet.

Forcing reset of all passwords? First, NP will not need to analyze the Epik dump at all. Second, it would not make any sense for the current hacker, or any other hackers (there should be many) to start another credential stuffing attack with Epik db data...
 
The password for an admin account was 123.

I posted a screenshot originally but I don't want to be accused of posting any docs.

Fascinating. If so, one would reasonably guess that Epik systems were (and, possibly, still are) controlled by different (competing) hackers, for quite some time. It is not surprising that Epik is praying. Any religious member should definitely join Rob in prayer. Who knows...

Monster also called upon Jesus to rebuke any demons that he believed could be present at the conference.
 
You should first block domain transfers, withdrawals, until you find the breach... you fix it on an offline version of your website and then release the limitation, after that you go after the hacker.

Members should also reset their passwords ASAP. I didn't see the encryption used, but if it's a standard one like MD5, SHA... even if salted, the attacker should have got it from the source code and everyone now.

The risk to decrypt them is high and anyone can do it by randomly generating a database of passwords using the encryption and searching if any member is using it.

Resetting your passwords is a priority.

After that you update transfer codes of domain names. (Epik will facilitate the task by blocking transfers during this period even if many members will go against this. But with all the data losses this is nothing right now).

I also think that this hack isn't a recent one and the hacker acted under the radar before making it public... just like what happened with bitcointalk, etc.
 
If you control the registrar - you can send any existing list of domains to Redemption Period...
 
Interview September 2021 - YT link


Offtopic (somewhat). Mods are welcome to delete. But, it is weekend...
 
Has anyone been able to Transfer OUT using the APPROVE TRANSFER button? Right now when I hit the APPROVE Transfer button, I get a message that says
"Currently approve is not available"
 
Monster also called upon Jesus to rebuke any demons that he believed could be present at the conference.
He should have called upon the Jesus to rebuke any Monsters attending the conference.
 
So are there any cases of stolen domains after this breach?
I doubt that it makes any sense for hackers to steal domains. Usually they're stealing private data, cards etc.
 
Has anyone been able to Transfer OUT using the APPROVE TRANSFER button? Right now when I hit the APPROVE Transfer button, I get a message that says
"Currently approve is not available"
A good sign actually. Not to say that it should work this way, but... what if somebody is trying to steal domains as the result of the breach?
 
What is the significance of this? Why are all those domains being deleted?
 
So are there any cases of stolen domains after this breach?
I doubt that it makes any sense for hackers to steal domains. Usually they're stealing private data, cards etc.
There's 600,000 registered domains at Epik.
280,000 upcoming deletes (45%).
Sounds worse than stolen domains.

Apparently they've been behind trenches since February so who knows what they've had time to do/build.
 
The drop-catching companies are going to be busy with all those domains being deleted.
 
Think about YOUR domains, not about these companies.
 
There's 600,000 registered domains at Epik.
280,000 upcoming deletes (45%).
Sounds worse than stolen domains.

Apparently they've been behind trenches since February so who knows what they've had time to do/build.
One of the possibilities is that they switch off the notifications for renewals, so that the account owner won't see moves or anything coming from Epik.

I am trying to recover the password, and it's not working, seems like. According to whois the 1 domain name I have at Epik did not move though. At least out of Epik not.
 
He should have called upon the Jesus to rebuke any Monsters attending the conference.

Hi

now that, made me laugh out loud ;)

imo...
 
Think about YOUR domains, not about these companies.

That’s it. In this thread I've read a few posts from people saying people here must support Epik, no one owes Epik anything though.

Business is business at the end of the day, Epik (and any business) act in their best interests, so you’ve got to do what’s best for you, if you are happy with Epik and if you feel your assets and personal information are safe at Epik (equally as safe as any other domain registrar), that’s great stick with them, but any doubts whatsoever get out of there.

Your domain names are potentially expensive assets at the end of the day.
 
Forcing reset of all passwords? First, NP will not need to analyze epik dump at all. Second, it would not make any sense for the current hacker, or any other hackers (there should be many) to start another credential stuffing attack with epik db data...

Our biggest concern with this approach is that the email accounts may be compromised or the email domains may have dropped. It’s going to require a little more nuance than a global password reset, unfortunately.

Were this any other industry, a global password reset might make sense, but domainers tend to use their own domains for email.
 
That’s it. In this thread I've read a few posts from people saying people here must support Epik, no one owes Epik anything though.

Business is business at the end of the day, Epik (and any business) act in their best interests, so you’ve got to do what’s best for you, if you are happy with Epik and if you feel your assets and personal information are safe at Epik (equally as safe as any other domain registrar), that’s great stick with them, but any doubts whatsoever get out of there.

Your domain names are potentially expensive assets at the end of the day.
I have no tech knowledge, all I see is legions live peeking over Cantonese firewall laughing at my weak password ready to steal my 3-digit cc verification code.
Lol.

I'm not playing Russian roulette with a heavily breached registrar and a fake it til you make it CEO who's hiding info.
Nope.
 
@Silentptnr
"May" should be removed from the thread title, it is a fact already.
 