alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Lox]

No , i am not gatekeeper of NP but owners & admins of forum must think about this & should grand access to new members after we know new members , have some posts , have some positve feedbacks etc..& only after to have access on some area ( topics ) on NP otherwise will be a mess here in a time o period & full of people that they don't have a clue about this industry

FYI ... I know who is behind the username FiniteCrystal. All good! @FiniteCrystal Continue with your research.

Regards

 

[FiniteCrystal]

FYI ... I know who is behind the username FiniteCrystal. All good! @FiniteCrystal Continue with your research.

Regards

What is that supposed to mean?

 

[timestamp]

@Paul
I understand that it can be abused. Download is quite large for me. But I give you permission to use my current IP (after login) to look for passwords of failed login attempts. If you are up for it, if not never mind. The thing is, my failed passwords, are passwords just for some other websites. I would like to know what I entered. I changed a lot of passwords, but I cannot remember everything.

 

[Lox]

What is that supposed to mean?

Nothing special, just to not agree with - "new user ... can't participate..." .

Regards

 

[Paul]

What is that supposed to mean?

I think he was intending to vouch for you.

 

[FiniteCrystal]

Nothing special, just to not agree with - "new user ... can't participate..." .

Regards

Ah, sorry. After the way some of the journalists that broke this story were treated, it's a little offputting to read something like "I know who you are".

 

[DomainNature]

There must be no justification for such a Hack and their hackers, many websites get hacked and you will never know it.
In fact it's good that the hack went public it will give strength and security upgrades to the company.
The most harmful terrorists are those which are unknown, not those which are known.
And I have a long question.
Why those companies which host the hacked data on their websites are up and running if they expose so many private data of thousands of users, but a simple site such as those (forgot their DN's) which are mentioned in the hack are down?

 

[labrocca]

btw, I thought I had bought killcops.com here on Namepros but I had to look it up to be sure. I think I paid $10.

https://www.namepros.com/threads/updates-list-of-names.87000/#post-566345

Also bought QUICKBUNNY.COM, POKERBITCH.COM, and a couple others on the list.

And wow about the Hitler crap. This is turning into a witch hunt. The narrative is obvious. Paint Rob as a Nazi and destroy his image.

I'm not denying epik is a honeypot of the radical right, but let's be objectively fair and aware of scale..

Epik has some major players of the Far Right like Gab. But as you pointed out about many Right Wing sites and domains they are not exclusively or even the majority registered at Epik. Also note that IT IS NOT ILLEGAL. There is absolutely nothing illegal happening.

Cancel culture working really hard today.

They screwed up massively, they stored tons of data that they shouldn't have been storing at all, stored tons of sensitive data in a horrible insecure way, and ignored serious security problems despite people trying to get in contact with them. Your "confidence" that everything is fine comes off as super desperate. Being willingly oblivious to how bad the problem is doesn't make it magically disappear.
[insert "This Is Fine" dog meme here]

Yes, all fairly true. Massive screw up by Epik. I'm fairly sure they know that. A person could absolutely decide to leave their service and middle-finger them on the way out. Or a person could decide their value to them and choose to forgive expecting them to fix the problems. I don't see that as super desperate. Just willing to give Epik a chance at fixing this and moving forward hopefully stronger.

They are doing our industry a favor by investing their time into enumerating a massive dataset. It's hard to relay just how much text fits in 150 GB. It would be different if it were mostly photos or videos, but text takes up far less space. If we were to combine all of the text on NamePros, it would barely put a dent in 150 GB.

But that's where Epik goofed. You logged EVERYTHING and you should not have. I assume you know this now but realistically your site should never had needed 150GB of database or files. My site is 17 years old with 50m posts and millions of members. The whole thing is under 10GB archived. I prune what I don't need. I don't log what I don't need. I don't backup what I don't need. I'm gonna assume Rob made these choices and I hope the lesson he learns from all this is to find a competent CTO to make these choices.

I look at the whole Federated thing and I get it but I don't like it. I've seen these types of attempts at multi-system integrations before. I even tried it myself once. They tend to fail. It might sound easier to have one login but it ends up causing headaches. You're better off allowing social logins like Google, Twitter, and Facebook if you want that type of system. If I want a Bitmitigate account, then I'll sign up for that.

I understand and respect that, but when you're a member of a marginalized community that is often targeted by the groups that Rob is willing to stick up for and serve even when nobody else will, it's impossible to set politics aside. It's impossible to be "apolitical" when the validity of your humanity is a political issue.

Then understand and respect that when you're a member of a community targeted by groups like Anonymous, SJW's or Marxists that people like Rob are brave as they are the few willing to stand up and help when nobody else will. It's impossible to be apolitical when your ideals and speech are being cancelled.

You just want the right to exist, maybe that's all other people want as well. You think it's okay to target people you don't agree with but you're not okay with people targeting you. There is a word for that, hypocrisy. You're here to be political and to smear Rob. I doubt you were ever an Epik customer so this has never personally effected you. I question your motives for participating here. I think you're gloating and want to do your best to spread the story and say whatever you can to hurt Rob and Epik because you have an agenda. Joining here just for that imho disqualifies you from participating in a manner befitting this community.

EPIK was supporting racists and extremists...BUT MANY OF YOU LET THAT GO, and thats why you got fukd in this breach. seriously!

It's actually why I used Epik. Not because I agree with racists or extremists but because I know my domain is protected by someone that actually cares about free speech. As an American I've grown up believing in the Constitution. I continue to see its power being diminished by cancel culture and I don't like it. I'm not a racist, extremist, or whatever label. Just a guy that believes in liberty, not just mine but yours too. When I test on political spectrums I'm dead central. Just saying that believing someone who uses Epik is supporting racism or is a racist isn't accurate.

 

[NicTraders]

Also bought QUICKBUNNY.COM, POKERBITCH.COM, and a couple others on the list.

That list also included MONSTERFIGHTS.COM. Ah, the irony. Lol

 

[FiniteCrystal]

Why those companies which host the hacked data on their websites are up and running

Stop right there with that conspiratorial nonsense. I've been unable to find a working "website" where the data is being hosted. You must download a torrent, which uses a distributed peer-to-peer network to download the files from other users who have also downloaded it. I am not condoning the hack, but now that the data is out there, it's important for many groups to find out what it contains.

 

[Windoms]

I don't know what this is supposed to mean, but it's vaguely threatening and I don't appreciate it. I know people like you don't appreciate the work I'm doing and hate me for speaking ill of your nazi-enabling pals at Epik (or other mysterious reasons), but attempting to intimidate me with statements like this is incredibly immature.

Don't feel obligated to answer people, I am sure you wouldnt reply to a madman talking to you in the streets.

We appreciate what you've shared so far.

 

[Lox]

I don't know what this is supposed to mean, but it's vaguely threatening and I don't appreciate it. I know people like you don't appreciate the work I'm doing and hate me for speaking ill of your nazi-enabling pals at Epik (or other mysterious reasons), but attempting to intimidate me with statements like this is incredibly immature.

"I think" means "in my opinion" ... [ Shakespeare has often been compared with a contemporary domainers ]

 

[johnn]

That's good enough.
Now back to the topic.

 

[Peak.Domains]

"I think" means "in my opinion" ... [ Shakespeare has often been compared with a contemporary domainers ]

I would imagine she was referring to the "we all know who you are" part of the message as a point of concern, not the "I think" part.

 

[skyz21]

Just heard about all this. Bit mind blowing as I trusted them with high level security, LOL. If a personchanges their password, adds 2FA, and changes to an email that uses 2FA, that would eliminate most risk of unwanted access/transfers? I'm keen to hear others thoughts, as I have a few there. Cheers all, stay safe

 

[FiniteCrystal]

Just heard about all this. Bit mind blowing as I trusted them with high level security, LOL. If a personchanges their password, adds 2FA, and changes to an email that uses 2FA, that would eliminate most risk of unwanted access/transfers? I'm keen to hear others thoughts, as I have a few there. Cheers all, stay safe

I think the risk of unwanted transfers is pretty low at this point, especially if you change your password on Epik's FederatedIdentity platform and enable a 2 factor authentication. FI is based on Red Hat's Keycloak authentication system which is technically a hell of a lot better than Epik's proprietary garbage. If I were you I would start making plans to transfer your high value/security domains to a better registrar.

 

[labrocca]

I don't know what this is supposed to mean, but it's vaguely threatening and I don't appreciate it. I know people like you don't appreciate the work I'm doing and hate me for speaking ill of your nazi-enabling pals at Epik (or other mysterious reasons), but attempting to intimidate me with statements like this is incredibly immature.

Um...no threat at all. I'm not a malicious person, I'm public. Most people know who I am, where I live, and what I do. My username is my last name. You want my address? I'm harmless other than a vocal person online. Also, I don't hate you or anyone really. Just not a thing for me.

I was just saying based on your posting style that I think I know who you are. I think it's odd that you joined under a pseudonym when you already have an account here. You say you feel threatened but your actions are the more aggressive when you join under a secondary account to post about Rob. I don't think that's very nice at all.

I am not trying even 1% to intimidate you. I actually think it's the opposite. You're using a new account to attack Rob.

 

[carob]

You're here to be political and to smear Rob. I doubt you were ever an Epik customer so this has never personally effected you. I question your motives for participating here. I think you're gloating and want to do your best to spread the story and say whatever you can to hurt Rob and Epik because you have an agenda.

This wasn't directed at me, but I'd like to say that attributing motives here is not helping the discussion.

As I said a few pages back, there are two concerns: the service provided by Epik and the privacy/security effects on customers, and the reputational issues - positive or negative - in being associated with Epik.

It's possible to have concerns about Epik, and voice them, without wishing to destroy Epik or responding to political or religious positions taken by Epik under Rob Monster's control. And it is possible to study and understand the data without having any other agenda than understanding it and sharing that knowledge. Most people have neither the time, knowledge or resources to explore the data - they appreciate others doing it for them.

If someone analyses earthquake data and it helps me avoid catastrophe, I wouldn't accuse them of trying to destroy cities or targeting my home.

 

[labrocca]

This wasn't directed at me, but I'd like to say that attributing motives here is not helping the discussion.

As I said a few pages back, there are two concerns: the service provided by Epik and the privacy/security effects on customers, and the reputational issues - positive or negative - in being associated with Epik.

I was told I was being threatening and hateful. I had to respond to that. But I can feel that I should bow out of the discussion now. I think I've said my peace.

Thanks for reading and best of luck to everyone.

 

[Paul]

I was just saying based on your posting style that I think I know who you are. I think it's odd that you joined under a pseudonym when you already have an account here. You say you feel threatened but your actions are the more aggressive when you join under a secondary account to post about Rob. I don't think that's very nice at all.

We're not going to allow vague accusations like that here. I know it's commonplace on Twitter, but it's not appropriate for NamePros. If you suspect a duplicate account, report it--don't comment about it. Each member is only permitted one free account.

We've been seeing this argument with increasing frequency on NamePros: the other side's arguments and points are invalid because they are bots or puppet accounts. Every time we've investigated such claims, they turned out to be not just unfounded, but verifiably false.

Address the claims within each post, not the person or account behind those claims.

 

[FiniteCrystal]

I was just saying based on your posting style that I think I know who you are. I think it's odd that you joined under a pseudonym when you already have an account here.

I did not have an account here before creating this one. I used the same username as my Twitter handle in hopes that some people would recognize my Tweets. I believe if my posting style proves anything, it's that I am in fact @FiniteCrystal from Twitter. More ridiculous conspiratorial garbage from the Epik Defense Force

I'm certainly not here to attack Rob Monster. I don't think Rob is a respectable person but as previously stated, I really don't care about him at all. I'm also not here to "be political", but I won't shy away from making political statements for reasons I've already discussed. The reason I'm here is to discuss the Epik hack, and share information about what exactly it contains. Now if we can get over this bizarre arc of harassing the new girl because she thinks your favourite company is bad and move on to actually discussing the topic of the damn thread, I'd appreciate it.

 

[.X.]

btw, I thought I had bought killcops.com here on Namepros but I had to look it up to be sure. I think I paid $10.

https://www.namepros.com/threads/updates-list-of-names.87000/#post-566345

Also bought QUICKBUNNY.COM, POKERBITCH.COM, and a couple others on the list.

And wow about the Hitler crap. This is turning into a witch hunt. The narrative is obvious. Paint Rob as a Nazi and destroy his image.



Epik has some major players of the Far Right like Gab. But as you pointed out about many Right Wing sites and domains they are not exclusively or even the majority registered at Epik. Also note that IT IS NOT ILLEGAL. There is absolutely nothing illegal happening.

Cancel culture working really hard today.



Yes, all fairly true. Massive screw up by Epik. I'm fairly sure they know that. A person could absolutely decide to leave their service and middle-finger them on the way out. Or a person could decide their value to them and choose to forgive expecting them to fix the problems. I don't see that as super desperate. Just willing to give Epik a chance at fixing this and moving forward hopefully stronger.



But that's where Epik goofed. You logged EVERYTHING and you should not have. I assume you know this now but realistically your site should never had needed 150GB of database or files. My site is 17 years old with 50m posts and millions of members. The whole thing is under 10GB archived. I prune what I don't need. I don't log what I don't need. I don't backup what I don't need. I'm gonna assume Rob made these choices and I hope the lesson he learns from all this is to find a competent CTO to make these choices.

I look at the whole Federated thing and I get it but I don't like it. I've seen these types of attempts at multi-system integrations before. I even tried it myself once. They tend to fail. It might sound easier to have one login but it ends up causing headaches. You're better off allowing social logins like Google, Twitter, and Facebook if you want that type of system. If I want a Bitmitigate account, then I'll sign up for that.



Then understand and respect that when you're a member of a community targeted by groups like Anonymous, SJW's or Marxists that people like Rob are brave as they are the few willing to stand up and help when nobody else will. It's impossible to be apolitical when your ideals and speech are being cancelled.

You just want the right to exist, maybe that's all other people want as well. You think it's okay to target people you don't agree with but you're not okay with people targeting you. There is a word for that, hypocrisy. You're here to be political and to smear Rob. I doubt you were ever an Epik customer so this has never personally effected you. I question your motives for participating here. I think you're gloating and want to do your best to spread the story and say whatever you can to hurt Rob and Epik because you have an agenda. Joining here just for that imho disqualifies you from participating in a manner befitting this community.



It's actually why I used Epik. Not because I agree with racists or extremists but because I know my domain is protected by someone that actually cares about free speech. As an American I've grown up believing in the Constitution. I continue to see its power being diminished by cancel culture and I don't like it. I'm not a racist, extremist, or whatever label. Just a guy that believes in liberty, not just mine but yours too. When I test on political spectrums I'm dead central. Just saying that believing someone who uses Epik is supporting racism or is a racist isn't accurate.



I think we all know who you are.

the Nazi domains are at another register .. the register that bans websites lol ..

I agree .. it appears like a full effort to defame character to finish what the hack didn’t .. expose or whatever .. but like I said … the Nazi domains are at another register . So

a Witch hunt .. there is a thought ..

 

[Samer]

what the hell does Transphobic mean ??

well .. I mean .. people come on here to attack Rob Monster .. so people will post to defend Rob Monster … what is good for the goose is good for the gander .. that is fair play … maybe stop the attacks altogether ?? Or deal with getting attacked back

Talk to @Rob Monster

He is the most affable person i’ve ever met.

Dont trust the hit pieces by people who just want Rob to look like Hitler political narrative. Monster treatment ultimate case of projection.

God bless you, @Rob Monster.

Samer

 

[Future Sensors]

I found a table that included mailer logs for all of the registrar related emails that Epik sent out, including domain expiration notifications. The data wasn't for all time or anything, I don't remember what the start and end dates were, but it was mostly in 2020. Oddly, one of the columns in this table indicated that Epik has been Bccing ALL of these emails to an account on a seemingly random domain that is operated by one of their customers. I looked up the domain's invoice and it was paid for by a customer in Russia. I am willing to provide more info about this domain if it's allowed here.

Tagging @Rob Monster here, to give him a chance to give his view on the matter.

Rob, in your live Q&A following the Epik Breach you mentioned several times that Epik is using "shitty" Russian code, for instance here:

[Monster] "Yes, shitty Russian code. We bought some shitty Russian code and we actually didn’t really have an opportunity to evaluate that code until we finished, until we really took control over everything."
​

Is this (the use of the Russian code) related to the findings mentioned above by @FiniteCrystal?

What was the intention of these bcc mails? Do you think this is alarming? Were you aware of it?

 

[FernandoBMS]

[Monster] "Yes, shitty Russian code. We bought some shitty Russian code and we actually didn’t really have an opportunity to evaluate that code until we finished, until we really took control over everything."

@Rob Monster in the Q&A about the Epik Fail hack

"Monster, 0:11:05: It’s me. I tried to mute the new person but I muted myself, that’s me. So when we… this will sound funny. When this breach occurred, I think for many of our top engineers this was the first time they saw the code. And that sounds really stupid, but the history of Epik is that we acquired a company called IntrustDomains back in 2011..."

(...)

[reading the chat. Full comment from chat was from “JorgeOrwell”: “So you bought some shitty russian code and never fixed it? MD5s. Rob common (sic) man”] Yes, shitty Russian code. We bought some shitty Russian code and we actually didn’t really have an opportunity to evaluate that code until we finished, until we really took control over everything."

(...)

But in the process of doing those acquisitions and raising that capital, what we assembled was really capable people, and some of the different business units that we’ve acquired came with really really talented technologists, and we’re working on basically retooling the development organization. In fact, because of this incident we formed a technical core team. I’ve been kind of the acting CTO if you look at the org chart, well, it’s not public."

Unfortunately I think that org chart may be public now. Rob Monster is the CEO and acting CTO. Vitaliy Opryshko is (was?) Head Of Software Development for the last decade according to his linkedin.