alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[branding]

Would've been nice to get that by email. And pin it for f*cks sake!

 

[Jurgen Wolf]

So according to the posted data on previous page - Epik had up to 1.5M domains under their management as of March'1.

Now (including upcoming deletes) they have ~4.5 times less.
https://domainnamestat.com/statistics/registrar/Epik_Inc_-IANA_ID-617

 

[Start]

So according to the hacked data they had up to 1.5M domains under their management as of March'1.
Now they have ~5 times less.

It's not 5 times less, is it?

The page here says ~612,000 domains:
https://domainnamestat.com/statistics/registrar/Epik_Inc_-IANA_ID-617

but also doesn't seem to include .xyz domains.

And the graph shows that as of March 1, 2021, they had (according to domainnamestat anyway) 521,000 domains.

A problem I've noticed in the past is that the numbers at registrar stats site may not be accurate, although it is useful to get an idea of who's bigger.

Also, here's another site with different stats:
https://archive.today/XGiwB

That's from Aug 2020, and that site has figures almost 50% higher than what domainnamestat.com shows for Sept 2020.


Basically, I'm saying the stats on those sites aren't necessarily accurate.

Anyway, ~280,000 domains in redemption/deletion is certainly very high though.

 

[Chris Hydrick]

https://twitter.com/x/status/1439020408783654917

Would've been nice to get that by email. And pin it for f*cks sake!

Agreed.

Though, at least this tweet didn't sound like it was written by a menacing conspiracy artist, or make it about religion or politics. It sounds like snarky has been put in his cage at least for the time being.

On an unrelated note, this last tweet about the Epik data breach, is now aging awkwardly above their 2022 HardDrives.com venture tweet.

eg

(Last Tweet) August 23: Sneak peak to our new data protection products
(Newest Tweet) September 18: We lost your/our data.

...


#EpikFail coments:
....

https://twitter.com/x/status/1438535294618267659

...

https://twitter.com/x/status/1438576322666762243

 

[Marshall]

Would've been nice to get that by email. And pin it for f*cks sake!

If that's right then I can only imagine the terrible handling of this situation where a lot of folks maybe haven't even received a mail about the breach.

Well, I've received Rob's mail (I think someone has posted bits of that mail here in this thread) saying that some terrible compromise has happened. Though there was no clear mentioning of a security breach, it was quite understandable that they're hacked.

The mail ends with this:

You are in our prayers today. We are grateful for your support and prayer. When situations arise where individuals might not have honorable intentions, I pray for them. I believe that what the enemy intends for evil, God invariably transforms into good.

Blessings to you all.

Regards,

Rob Monster
Founder and CEO
Epik Holdings Inc

Quite a way to end a high priority security breach mail.

But didn't paid any attention as I don't have any domains with them from a long time.


Some notable points so far:

- Hacker group Anonymous performed the hack named 'Operation Jane' and uploaded 180 GB of user data to torrent sites

- The hacking was performed because of their Right wing support approach and had something to do with The Texas Abortion Law.

- Apparently, website security was so low on Epik’s priorities that hacking it was easy as running a line of code.

(Source: https://narativ.org/2021/09/17/operation-jane/)

 

[Beezy]

If they lose zero domains they can still call themselves the swiss bank, so take that haters.

 

[Jurgen Wolf]

https://en.wikipedia.org/wiki/Stockholm_syndrome

 

[bmugford]

If they lose zero domains they can still call themselves the swiss bank, so take that haters.

Just not the Swiss bank of data.

Brad

 

[.X.]

If that's right then I can only imagine the terrible handling of this situation where a lot of folks maybe haven't even received a mail about the breach.

Well, I've received Rob's mail (I think someone has posted bits of that mail here in this thread) saying that some terrible compromise has happened. Though there was no clear mentioning of a security breach, it was quite understandable that they're hacked.
But didn't paid any attention as I don't have any domains with them from a long time.


Some notable points so far:

- Hacker group Anonymous performed the hack named 'Operation Jane' and uploaded 180 GB of user data to torrent sites

- The hacking was performed because of their Right wing support approach and had something to do with The Texas Abortion Law.

- Apparently, website security was so low on Epik’s priorities that hacking it was easy as running a line of code.

(Source: https://narativ.org/2021/09/17/operation-jane/)

I received a letter as most did...but still have no idea of what financial the hacker holds ...the hack itself i am not mad about ... it happens .. data breach ... it happens ... i am only wanting what the hell financials are in the hackers hands ...

I am not mad at Rob ... I am very disappointed in Rob ... To me...Rob is a good person ...his intentions are usually good.. in this case of the breach and hack... it has been handled very badly for the consumers IMO... yes i know do due diligence on your own with the financials... i did that immediately ... but the no communications has been terrible ...not everyone ..such as myself uses social media ..twitter ..facebook and all that... i don't even have social accounts... so the way i receive any social media posts is here in this very forum ... from a business stand point ... its worse that terrible not to know the financials part of the hack

 

[Lox]

If you're staying @ E ... change your whois email (for admin and tech) asap.

 

[.X.]

Post something @robmonster or have one of your staff post something in this forum ... this is a travesty for the consumer ..

 

[.X.]

If you're staying @ E ... change your whois email (for admin and tech) asap.

do you think they are going to hack the damn email too ?? or just have butt loads of spam sent?? or??

 

[.X.]

@robmonster stay off the damn zoom and facetime talking to nazi people and nut jobs... you are better than to engage with those people ...

 

[Jurgen Wolf]

If they lose zero domains they can still call themselves the swiss bank

No any evidence that those hackers even tried to steal any domains.

 

[Lox]

do you think they are going to hack the damn email too ?? or just have butt loads of spam sent?? or??

Spamming for sure

 

[noneisnone]

while all this is going on i pm Rob to ask him to charge my account using paypal and i get a reply almost instant this guy is great and anything he is involved in will be great never felt so appreciated as a customer ^^
wish him and epik the best

 

[Beezy]

Someone just posted:

"there are soooooo many credit cards in the Epik data leak. In one table I found 35k sets of unique credit card numbers, names, expirations, cvv, billing info. Here's a snippet of redacted numbers and names."​

 

[Jurgen Wolf]

So according to the posted data on previous page - Epik had up to 1.5M domains under their management as of March'1.

Now (including upcoming deletes) they have ~4.5 times less.
https://domainnamestat.com/statistics/registrar/Epik_Inc_-IANA_ID-617

@Rob Monster
You may also explain via another channel like Twitter...

 

[Chris Hydrick]

Someone just posted:

"there are soooooo many credit cards in the Epik data leak. In one table I found 35k sets of unique credit card numbers, names, expirations, cvv, billing info. Here's a snippet of redacted numbers and names."​

https://twitter.com/x/status/1439311680131907589

 

[Beezy]

@Rob Monster
You may also explain via another channel like Twitter...

The search used to get that list could have been from done to a wider pool of names that aren't just under Epik, for example.

I kept remembering the journalist during that video confrontation asking about two shell companies, but I am completely ignorant to those details.

Moreover, in that tweet thread, someone speculated that those totals included Rob's own speculative holdings outside of Epik customers, etc.

I'm sure next week things will be more clear.

 

[Jurgen Wolf]

It's not 5 times less, is it?

Including upcoming deletes it is ~4.5 times less.
See my updated post again.

 

[blockhead]

Sounding more and more like a worst-case scenario breach then. Obviously all those cards need cancelled.

Let's see if the domains are safe or will be stolen or somehow mass-deleted?

 

[jmcc]

Again, something is not adding up here.

It is a rather odd interpretation of ICANN data and may not be accurate due to the way that registrars report their transactions. The numbers given for some gTLDs on that site are obviously very wrong.

Regards...jmcc

 

[Start]

Including upcoming deletes it is ~4.5 times less.
See my updated post again.

I think you're doing the math wrong though.

1.5 million divided by 4.5 = 333,333

Oh, I see that you're counting "Upcoming deletes" within the "Registered domains" total. But I think they're separate numbers, such that the first is not a subset of the second.

Anyway, it certainly is a high number though. It's also possible some are for "domain tasting", although probably only a small portion.

Also, as detailed earlier, domainnamestat.com just doesn't seem to know full stats. The hack apparently says Epik had 1.5 million domains as of March 2021, but domainnamestat.com's graph thinks they only had 521,000.

 

[Jurgen Wolf]

What I'm doing wrong???
Registered domains minus upcoming deletes = 1.5M divided by 4.5