alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[mr-x]

The hottest take of the day.

If @robmonster would agree to an open independent audit of this I think that would be the only path to reputation repair.

#AuditEpik

#FullTransparency

 

[Jurgen Wolf]

I use Epik for MANY years and also MANY my domains there...
And they offered only hugs.

+ In addition, we will offer free credit monitoring until September 15, 2023, for all affected Epik users; more details on this free service will be made available soon.

Thanks, but I don't need this monitoring even for free.

 

[labrocca]

But yeah, that said, some of the stuff being reported is jaw dropping, and is the sort of nonsense I'd have done as a junior programmer - logging failed passwords in plain text for example!

I log failed logins. I log the IP and the account. I don't see a use case for knowing their PW. I use the failed logins to see patterns of bruteforcing and account thefts.

Your mans paid to have someone (a criminal thug, it appears) to cancel someone in real life by intimidation.

That's troubling if it's true, I didn't want to go too deep into the rabbit hole of this story. Maybe Rob has his version of events which differs from the public perception. I know he felt he was being harassed and seemingly at some point wanted to know more about who it was. I don't know the aspect of the intimidation. There are people who take it upon themselves to be social justice warriors. My response is to completely ignore them because I got a thick skin and I just don't give a crap. But maybe Rob got sucked in which imho is a war you can't win and exactly what these type of trolls want.

If @robmonster would agree to an open independent audit of this I think that would be the only path to reputation repair.

Probably a wise idea after the dust settles.

I am still in love with Rob Monster even he screwed up my life.

How about you make one..."I hate Rob Monster even though he's done nothing to harm me."

For all the people complaining about their personal information being exposed. Where have you been the past 10 years? Are you saying this is the very first time you've had your digital information hacked and exposed? Like really...you are telling us this? I'm so damn public that I just post my home address and information myself. Even my SSN. I don't live and breathe because my personal information is a secret. If you rely on being anonymous for your security then it's possible you're doing something wrong. I greatly respect privacy, but if I lose it for a moment because of an illegal act then I don't freak out.

 

[.X.]

I log failed logins. I log the IP and the account. I don't see a use case for knowing their PW. I use the failed logins to see patterns of bruteforcing and account thefts.



That's troubling if it's true, I didn't want to go too deep into the rabbit hole of this story. Maybe Rob has his version of events which differs from the public perception. I know he felt he was being harassed and seemingly at some point wanted to know more about who it was. I don't know the aspect of the intimidation. There are people who take it upon themselves to be social justice warriors. My response is to completely ignore them because I got a thick skin and I just don't give a crap. But maybe Rob got sucked in which imho is a war you can't win and exactly what these type of trolls want.



Probably a wise idea after the dust settles.



How about you make one..."I hate Rob Monster even though he's done nothing to harm me."

For all the people complaining about their personal information being exposed. Where have you been the past 10 years? Are you saying this is the very first time you've had your digital information hacked and exposed? Like really...you are telling us this? I'm so damn public that I just post my home address and information myself. Even my SSN. I don't live and breathe because my personal information is a secret. If you rely on being anonymous for your security then it's possible you're doing something wrong. I greatly respect privacy, but if I lose it for a moment because of an illegal act then I don't freak out.

screw my personal info .. I will post that shit .. I could care less .. …. They can sell all that .. more robo calls and ect .. who cares .. my financials are a whole different ball game .. I will seek out for the financials

 

[Beezy]

that’s putting it mildly… trust me .. and the tipping point is here now .. stay tuned

the tipping point has past imo. the domain industry is going to move on without rob monster and goons.

this is the big time now, a maturing industry.

 

[.X.]

I think Epik will be fine long term .. I feel the communication timing concerning what financials the hacker holds .. encrypted not encrypted and ect could have been handled better and more efficient…. It’s a data breach .. this is my third one to be involved in .. I am sure not the last .. although I only have one single domain domain at Epik .. Epik offers an array of services to suit the Domainer in specific .. I have used a couple of the services in the past .. and they were quite good for what I needed ..


At the end of the day .. I am looking for the domaining products that I need to make money .. I don’t mix politics directly with domaining .. so

 

[Shackleton]

I'm just waiting for someone to start the "Epik Hack Lawsuit" thread

 

[.X.]

I'm just waiting for someone to start the "Epik Hack Lawsuit" thread

Sue For? No one came forward with any allegation of their financials being used unauthorized .. Epik has now sent out the letters with info pertaining to what people should do concerning the hack ..

 

[Shackleton]

I am not a lawyer and the following is not legal advice. Consult a licensed attorney. Epik is based in the state of Washington.
But the information I was given is that "Suing the company that holds the data when a breach occurs is possible. The claim against the entity is valid if the current measures are insufficient in a reasonable or standard breach of security protocol. Negligence to protect your information by the company may face a lawsuit for the damages incurred."

 

[Tom_Collins]

Great my email address is compromised now...cuz I had the same password as Epik.

and a dozen other accounts.

Thank God for Paypal...or else my CC info would've compromised too.

 

[Jurgen Wolf]

Epik doesn't work with PayPal since October'2020.

 

[Tom_Collins]

Epik doesn't work with PayPal since October'2020.

I bought a couple dns before that date

 

[JordanH]

twitter bio says “Founder of # Anonymous (yes that one)”

This is why you’re my favorite # websleuth.
RIGHT to the source! Didnt know that easy.

Probably a mediocre fallguy who doesnt know the meaning of Anonymous. enjoy “fodder”

Samer

Hes been called out already before.
https://www.reddit.com/r/SubredditD...an_claims_to_be_the_founder_of_anonymous_and/

Even been called out on his own AMA thread. He just want's to feel important xD

 

[alcy]

Common mistake. Established businesses going into politc. My family went through that. Divided the family and business partners. Better now, but wounds are still not healed.

not that common

certainly not among registrars

 

[koolishman]

Great my email address is compromised now...cuz I had the same password as Epik.

and a dozen other accounts.

What? Different PW for each site is cyber security 101.

 

[JordanH]

This is because most of those who comment against Epik are Agents of other registrars, and for them is a plus what happens, I would not exclude them to be involved in the hack, as I asket a registrar in feedback before this hack "what you will do now that Epik has best prices and support on the marked" well it can be who knows, nothing is a coincidence.

Umm no. Those who comment against Epik are those who are against the lack of transparency they have provided during this, and the total lack of security with details that they were entrusted with. Security of which they have boosted as being fantastic.

 

[alcy]

I see some members mention that there has not been any domain theft. But I don't think domain theft has been the reason for this hack. According to the publications on Twitter, all kinds of personal data of Epik customers are now being published on a large scale.

oh wow we all gonna be famous...seriously where is this large scale going on?

 

[Samer]

Can someone call Cyber Ninjas?

More credible than fakeAnon to feel important.

Samer

 

[Jurgen Wolf]

Ignore trolls and stay on topic...
Domainers and registrants are 2 different worlds.

 

[Frand]

Ok. So out of curiosity, I just logged into my Epik account just now only to find 3 of my domains in 'Unlock' state.

I checked and there is no transfer out taking place on them and they look fine. As per whois, and after verifying with chat support I can confirm these domains got unlocked on 15th or 16th Sept 2021.

I do not know if this has any relation to this incident that took place with Epik.

But just thought of sharing this scenario so that other members can verify that their domains are secured.

Epik support has forwarded my concern to their technical team to see if there was any unauthorized access into my account.

The same thing happened to me yesterday. I have seen one of my domains unlocked. It was a low value .realty

 

[Kai W.]

It is absolutely wild seeing Epik store CC# in MD5 hashes, often with the first and last 4 digits available, leaving an 8 character, numeric only search space. Helpfully, they also store CVV numbers and addresses,

This should wake people up: when it comes to storing payment information in some place, use a gateway instead of a credit card

 

[DomainNature]

Stop feeding the bad actors, they want us to fight with each other and destroy Epik, all their hacked data is questionable and mixed with other 3rd party data together, so it ads GB's of non related to Epik data, the ones who can destory Epik are it's users and that's their main purpose.
Spread the love.

 

[NickB]

Is it just me or does anyone else outside of the U.S feel their latest email titled "Update and Options for Affected Epik Users" is very U.S.A centric - all email links and contact numbers are U.S based........

Anyone have a breakdown or rough idea on how much of their business is outside of the U.S?

 

[Bravo Mod Team]

Anyone have a breakdown or rough idea on how much of their business is outside of the U.S?

Estimates of Epik visitors outside of the United States:

• 73.36% according to SimilarWeb.
• 64.4% according to Alexa.

 

[Beezy]

Folks...

https://twitter.com/x/status/1440179980365828104