alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Nikhil Jain]

Ok. So out of curiosity, I just logged into my Epik account just now only to find 3 of my domains in 'Unlock' state.

I checked and there is no transfer out taking place on them and they look fine. As per whois, and after verifying with chat support I can confirm these domains got unlocked on 15th or 16th Sept 2021.

I do not know if this has any relation to this incident that took place with Epik.

But just thought of sharing this scenario so that other members can verify that their domains are secured.

Epik support has forwarded my concern to their technical team to see if there was any unauthorized access into my account.

 

[eternaldomains]

The attack does not appear to have been successful. The attacker appears to have grown frustrated and attempted to register a new account when they weren't able to compromise existing accounts. The new account was flagged for review and closed.

If this is how the hacker does things then I have 4 suspects:

-------------------------------------------------------------------
Nidoma, BrandDo, PotDomains, & SEDO ?!?!!?!
-------------------------------------------------------------------

The one in red is highly suspect because it's the only one I registered under their UK subdomain [sedo.co.uk], the rest are under Italy, Private/Cayman, and US.

Now I believe the one impersonating me should have his account flagged for precaution.

https://domainnamestat.com/statistics/registrar/Epik_Inc_-IANA_ID-617

Upcoming deletes 279,329 (45.57%)

This site - I noticed the numbers change frequently. Just yesterday it was 46+%. Daily regs changed from XX to XXX even for data 2 days ago. So I'm not sure how accurate is this site. Anyone here from Alpnames? The site showed that Alpnames still have names there, seriously.

Ok. So out of curiosity, I just logged into my Epik account just now only to find 3 of my domains in 'Unlock' state.

I checked and there is no transfer out taking place on them and they look fine. As per whois, and after verifying with chat support I can confirm these domains got unlocked on 15th or 16th Sept 2021.

I do not know if this has any relation to this incident that took place with Epik.

But just thought of sharing this scenario so that other members can verify that their domains are secured.

Epik support has forwarded my concern to their technical team to see if there was any unauthorized access into my account.

Have you changed pw yet since the hack announcement? More data we have the better.

 

[Nikhil Jain]

Have you changed pw yet since the hack announcement? More data we have the bette

Yes I had changed the password probably on the day this thread came up.

 

[Jurgen Wolf]

It doesn't matter: how they update this stats.
Risks to lose domains remain the same.

 

[NicTraders]

@Paul Thanks for all your input here. Great to have someone who actually knows what they're talking about, instead of lots of assumptions. Anyway, I was just wondering if you've established from the dataset whether CVV's were stored with the CR Card details?
Thanks!

 

[Jurgen Wolf]

The site showed that Alpnames still have names there, seriously.

Why not???
They can have ccTLDs regardless of ICANN accreditation.

 

[Jurgen Wolf]

Epik support has forwarded my concern to their technical team to see if there was any unauthorized access into my account.

So you didn't use 2FA, right?

 

[Nikhil Jain]

So you didn't use 2FA, right?

No. At Epik, I never had 2FA.

 

[Mister Funsky]

I just logged into my Epik account just now only to find 3 of my domains in 'Unlock' state.

This has happened to me in the past causing significant panic. I immediately reactivated the lock and asked what happened...I got a response but can't access that file at the moment but it was sufficient to keep me calm. Since they do not send an email (like some other registrars do) when an unlock happens, out of habit I check my lock status on a regular basis.

btw, activate 2fa now if you have not

 

[Jurgen Wolf]

As of now, epik.com doesn't work for me at all.
NXDOMAIN response.
The same I see via https://cachecheck.opendns.com

 

[Mister Funsky]

As of now, epik.com doesn't work for me at all.

Gone now for me as well.

ADD...now it is back

 

[johnn]

The $2,000 question is where is Rob Monster hiding.
The last time that he post/spam something here is on September 7.
Not a good and professional practice to leave thousand of customers here in the dark.

 

[namezest]

Maybe the noobs need to watch now for phishing emails.

 

[Jurgen Wolf]

The $2,000 question is where is Rob Monster hiding.
The last time that he post/spam something here is on September 7.
Not a good and professional practice to leave thousand of customers here in the dark.

He is here daily.
But only in DM mode.

 

[Lox]

3.5 hours of Epik CEO Rob Monster's live Q&A

 

[bmugford]

Is this Epik's current strategy? It sure seems like it.

 

[Future Sensors]

3.5 hours of Epik CEO Rob Monster's live Q&A

Rob should buy them better microphones.

 

[johnn]

The microphones have been hacked also.

 

[Silentptnr]

Makes no sense....

2hrs ago..

https://twitter.com/x/status/1439224134878310405

43 min ago...

https://twitter.com/x/status/1439264079290507270

 

[Jurgen Wolf]

No posts = No dislikes.
This is their strategy.

 

[bmugford]

Makes no sense....

2hrs ago..

https://twitter.com/x/status/1439224134878310405

43 min ago...

https://twitter.com/x/status/1439264079290507270

Cybersecurity, brought to you by thoughts and prayers.

I don't know about you, but I would rather have qualified people in the role.

Epik has still basically taken no responsibly in their failure to safeguard customer's data. Not only that, they just seem to be ignoring how complete and disastrous this hack was in the first place.

https://www.wired.com/story/anonymous-leaked-data-from-right-wing-web-host-epik/

Ignore, deflect, blame is not going to work.

At this point, how could even the biggest Epik supporters feel comfortable with their response? They are basically leaving customers out there on their own with no further information or guidance on what they should be doing.

Brad

 

[Start]

Hmm. What is going on there?

Brad

Maybe it's junk domains in lower quality TLDs that were registered for like 99cents last year. I've seen a lot of junk domains in their Daily Diamonds.

Even right now, there are dozens of domains like this:

livelyaboulevard.xyz

that will be in redemption in a few days.

 

[oldtimer]

In my opinion everyone here is overreacting to this situation.

Hackers have different motives for doing what they do.

Some are motivated by financial gains and some are motivated by ideology and politics. And some just want to monitor certain companies and organizations and never reveal that they have hacked their systems which could go on for years without anyone noticing and could be harmless if done by friendlies or very harmful if done by hostile adversaries.

But, hacktivists always have to be able to present some justification for their actions as to not be considered terrorists or saboteurs and spies by the Authorities because although they might be anonymous to the general public, but they are not so anonymous to the those who are in the know.

In my opinion the motive here has been more to punish rather than to destroy hence the fact that hackers have gone out of their way to protect most credit card and password info.

I don’t believe that the average innocent customer should worry too much about their credit cards or domains and should not have any fear of losing anything. Although if you are the kind of person who enjoys inflicting pain onto others then you probably need to be a little scared.

I am very optimistic that Epik can get back on their feet once they have reevaluated their whole company strategy and changed how and with whom they are doing business with.

IMO

No further comments.

 

[bmugford]

Maybe it's junk domains in lower quality TLDs that were registered for like 99cents last year. I've seen a lot of junk domains in their Daily Diamonds.

Even right now, there are dozens of domains like this:

livelyaboulevard.xyz

The math doesn't seem to work out. Almost half their total registered domains are junk and deleting?

https://domainnamestat.com/statistics/registrar/Epik_Inc_-IANA_ID-617

Registered domains 612,936
Global market share 0.12%
Signed zones 19,548
Upcoming deletes 279,329 (45.57%)

If you look at more detail the only extensions that show substantial registration volume (above 20k) are -

COM - 327,803
CO - 151,131
ORG - 26,307
INFO - 25,646

Something is not adding up.

Brad

 

[bmugford]

In my opinion everyone here is overreacting to this situation.

Hackers have different motives for doing what they do.

Some are motivated by financial gains and some are motivated by ideology and politics. And some just want to monitor certain companies and organizations and never reveal that they have hacked their systems which could go on for years without anyone noticing and could be harmless if done by friendlies or very harmful if done by hostile adversaries.

But, hacktivists always have to be able to present some justification for their actions as to not be considered terrorists or saboteurs and spies by the Authorities because although they might be anonymous to the general public, but they are not so anonymous to the those who are in the know.

In my opinion the motive here has been more to punish rather than to destroy hence the fact that hackers have gone out of their way to protect most credit card and password info.

I don’t believe that the average innocent customer should worry too much about their credit cards or domains and should not have any fear of losing anything. Although if you are the kind of person who enjoys inflicting pain onto others then you probably need to be a little scared.

I am very optimistic that Epik can get back on their feet once they have reevaluated their whole company strategy and changed how and with whom they are doing business with.

IMO

No further comments.

Overreacting? To what appears to be one of the most complete data breaches?
One that seems to involve a lot of poor security practices by Epik.

Gee, that is really reassuring that the hackers have decided to not inflict maximum damage on the customers, though they could if they wanted. That is the point.

I am not sure how anyone could feel comfortable with this company after Epik's (lack of) response to the situation.

Brad