Epik Had A Major Breach

Silentptnr

The views expressed on this page by users and staff are their own, not those of NamePros.
I understand that part .. but knowing Rob owns a domain registrar is much different if the Whois information were in my name .. Rob is going to have domains in his name that he didn’t register himself or actually own … things are not always what they appear to be as now proven … the problem ? IMO … all of that was spread on Twitter .. I see that as a big problem .. maybe I am wrong though ..
You must not spend much time on Twitter, because you're taking it entirely too seriously. Due to the limitations and design of the platform, crap like this happens all the time, it's just a fact of life now. I already explained why I think Monster does deserve at least some ridicule for this and your unwillingness to just let it go is getting very annoying to the people here trying to discuss the topic of the thread.
 
2
•••
The first few times I saw tweets about the research from this, I copy/pasted them directly into the interface here, not sure how to proceed.

Then I saw others actually embedding the tweets, so I figured this was the best path at the moment.

Embedding...

1. Reduced liability for the site. You can go to twitter.com and remove it and embed goes poof.
2. Kept us up to date with WHAT was being researched and shared and by whom.
3. Let others go and correct the sources, add context, etc.

Context was added all over this thread and on twitter.

I don't get why there is another page about an event from like days ago, as this whole thing seems to have progressed much further.

Let's keep it on the rails.

.X., I get what you're saying but like I said, the conclusion was in the data.
 
2
•••
You must not spend much time on Twitter, because you're taking it entirely too seriously. Due to the limitations and design of the platform, crap like this happens all the time, it's just a fact of life now. I already explained why I think Monster does deserve at least some ridicule for this and your unwillingness to just let it go is getting very annoying to the people here trying to discuss the topic of the thread.

I don’t use social media at all .. I just read the Tweets that people have posted .. I am discussing the thread .. the thread has as much to do with character Assassination as it does the hack itself … read through it.
 
1
•••
I don’t use social media at all .. I just read the Tweets that people have posted .. I am discussing the thread .. the thread has as much to do with character Assassination as it does the hack itself … read through it.
The only reason the thread has anything to do with character assassination is because the conspiratorial Epik Defense Force keeps making it about that. It really feels like a lot of people in this thread are trying to deflect from the severity of the hack by accusing everyone saying anything that isn't 100% glowing praise about Epik of character assassination or whatever.
 
4
•••
The only reason the thread has anything to do with character assassination is because the conspiratorial Epik Defense Force keeps making it about that. It really feels like a lot of people in this thread are trying to deflect from the severity of the hack by accusing everyone saying anything that isn't 100% glowing praise about Epik of character assassination or whatever.

This has kind of been the MO of some here in the past when it came to other controversies.

This is far too large and mainstream for deflecting and blaming others to work.

Brad
 
4
•••
Does anyone have any interesting questions as to what that data includes? I'd be happy to take a look and report back.

First of all, thanks for joining. There's so much data, any additional manpower for research is appreciated!

As for your offer, have you noticed any sign of the leak containing stored IDs? And I mean actual IDs (passport, driver license etc). Like some other registrars they encouraged ID verification, although not mandatory.

E has never given us/me a definitive answer to the question of what happens to it after verification.
 
7
•••
Please stay on topic (y)

In a way I am staying on topic.

Some of these discussions are perhaps at the roots of why Epik has been hacked.

The title of this thread doesn't indicate that only technical analysis of this situation is allowed.

IMO
 
1
•••
As for your offer, have you noticed any sign of the leak containing stored IDs? And I mean actual IDs (passport, driver license etc). Like some other registrars they encouraged ID verification, although not mandatory.

E has never given us/me a definitive answer to the question of what happens to it after verification.

That is a question I have as well. Epik has collected and stored ID for various purposes.

Were these stored on the same servers? If so they have likely been breached as well, even if they were not included in the actual data dump.

Brad
 
6
•••
First of all, thanks for joining. There's so much data, any additional manpower for research is appreciated!
It is appreciated but the problem is that some of the researchers and journalists do not understand what they are looking at in the dataset or that some of the domain names were not registered via Epik. One of the tables that was mentioned on Twitter was a domain scanner table which had obvious (to some) sales nameservers so Epik may have been monitoring domain names on sale on various sites. These could possibly have ended up in the WHOIS records that Epik scraped.

Regards...jmcc
 
8
•••
As for your offer, have you noticed any sign of the leak containing stored IDs? And I mean actual IDs (passport, driver license etc). Like some other registrars they encouraged ID verification, although not mandatory.

Were these stored on the same servers? If so they have likely been breached as well, even if they were not included in the actual data dump.

I'm assuming these would most likely be in some sort of image format, like PNG or JPEG. I haven't dug through the included files too much as I've been mostly focused on the database, but a cursory search didn't turn up anything that obviously looked like an ID scan. In the main database, there is a table called `users_kc_identity` that contains numeric user IDs (it seems like Epik was assigning sequential user ID numbers to each new user and then using that ID to refer to the user in other parts of the database) and what appear to be UUIDs. If I was a gambler I would wager that those UUIDs are the names of the flat files where the user's ID was stored. I don't know where the IDs were stored, but if the hacker (or a potential other hacker, there is some evidence that Epik may have been investigating a possible previous breach) did have access to the files, it's likely that they would be able to use this table to associate an ID with an account.
 
5
•••
First of all, thanks for joining. There's so much data, any additional manpower for research is appreciated!

As for your offer, have you noticed any sign of the leak containing stored IDs? And I mean actual IDs (passport, driver license etc). Like some other registrars they encouraged ID verification, although not mandatory.

E has never given us/me a definitive answer to the question of what happens to it after verification.

.... normal way is to store all KYC related documents for a minimum of 5 years in a secret offline
climate-controlled bunker - using tapes.

Digging (y)
 
2
•••
.... normal way is to store all KYC related documents for a minimum of 5 years in a secret offline
climate-controlled bunker - using tapes.

Digging (y)
I can say with a pretty high degree of certainty that they weren't doing that, just based on some of their other security practices. lmao
 
5
•••
The only reason the thread has anything to do with character assassination is because the conspiratorial Epik Defense Force keeps making it about that. It really feels like a lot of people in this thread are trying to deflect from the severity of the hack by accusing everyone saying anything that isn't 100% glowing praise about Epik of character assassination or whatever.

it’s not about Glowing Blaze .. stay off the owner and completely keep the full attention on the Hack itself … people will have to stop using Rob’s name in a derogatory manner .. it’s as simple as that .. the Hack is very bad .. it could have been handled better after the fact … but it’s a Hack .. of a company .. nothing new going on with that … no personal shots and the thread stays 1000% on topic of the Hack itself
 
2
•••
it’s not about Glowing Blaze .. stay off the owner and completely keep the full attention on the Hack itself … people will have to stop using Rob’s name in derogatory manner .. it’s as simple as that .. the Hack is very bad .. it could have been handled better after the fact … but it’s a Hack .. of a company .. nothing new going on with that … no personal shots and the thread stays 1000% on topic of the Hack itself
Monster's behaviour, both historical and current, actually has a lot to do with the hack. If Monster didn't try to cut out a niche for himself as "the guy who will sell literally (almost) anyone a domain", pulling marketing stunts like running Nazi websites, Epik wouldn't have attracted so many unsavory customers, thus hacktivists wouldn't have broken into their system. If he wasn't so arrogant and clueless about security his data wouldn't have been stored in such an insecure way (or at all, most of this stuff they did not need!) If they had patched their systems they might not have even gotten hacked. Did you miss the part where they probably failed to notify anyone that they were investigating a potential breach in 2020? Nobody is trying to defame your friend, they're criticizing him for making so many poor life choices and business decisions.
 
6
•••
Monster's behaviour, both historical and current, actually has a lot to do with the hack. If Monster didn't try to cut out a niche for himself as "the guy who will sell literally (almost) anyone a domain", pulling marketing stunts like running Nazi websites, Epik wouldn't have attracted so many unsavory customers, thus hacktivists wouldn't have broken into their system. If he wasn't so arrogant and clueless about security his data wouldn't have been stored in such an insecure way (or at all, most of this stuff they did not need!) If they had patched their systems they might not have even gotten hacked. Did you miss the part where they probably failed to notify anyone that they were investigating a potential breach in 2020? Nobody is trying to defame your friend, they're criticizing him for making so many poor life choices and business decisions.

See … we have to stay on the subject because you continue to post things finger pointing Rob .. we didn’t have to .. but I guess we will ..

to my knowledge .. Rob wasn’t running any Nazi websites ??… he was allowing the owners of controversial websites to be hosted on his hosting platform .. that is my understanding …. Then you say Nazi without reservation when referencing these controversial websites .. are they considered Nazi because they are people from the USA Right Wing ?? Or ??
 
3
•••
to my knowledge .. Rob wasn’t running any Nazi websites ??… he was allowing the owners of controversial websites to be hosted on his hosting platform .. that is my understanding …. Then you say Nazi without reservation when referencing these controversial websites .. are they considered Nazi because they are people from the USA Right Wing ?? Or ??
BitMitigate was providing Cloudflare-like services to a very infamous Nazi website with a USSR ccTLD. Monster supposedly dropped them as soon as he found out about it but I believe Epik was pretty tight with BitMitigate before they merged. If he didn't know about the company's connections he should have done his research and made sure all the kinks were worked out long before they merged. He was also hosting Joey Camp's website, all the way up to the moment Rebel.com suspended the domain, despite promising to take it down during the conference call. That's a doxxing website, I don't think that shit is acceptable. You're trying to split hairs over some stupid semantic game. Fine, Epik doesn't host Gab or Parler but they developed a reputation for themselves based on the fact that they were willing to accept registrar customers that other registrars don't want to touch. That's what made Anonymous interested in Epik's data, that's why they suffered this particular hack. They need to fix their security and they should seriously reconsider their business practices, why are you still deflecting from that?
 
3
•••
BitMitigate was providing Cloudflare-like services to a very infamous Nazi website with a USSR ccTLD. Monster supposedly dropped them as soon as he found out about it but I believe Epik was pretty tight with BitMitigate before they merged. If he didn't know about the company's connections he should have done his research and made sure all the kinks were worked out long before they merged. He was also hosting Joey Camp's website, all the way up to the moment Rebel.com suspended the domain, despite promising to take it down during the conference call. That's a doxxing website, I don't think that shit is acceptable. You're trying to split hairs over some stupid semantic game. Fine, Epik doesn't host Gab or Parler but they developed a reputation for themselves based on the fact that they were willing to accept registrar customers that other registrars don't want to touch. That's what made Anonymous interested in Epik's data, that's why they suffered this particular hack. They need to fix their security and they should seriously reconsider their business practices, why are you still deflecting from that?

I agree. You can scream "free speech" all you want, but a lot of stuff that was going on was not that.

Free speech is not an unlimited right that covers nefarious actions like doxxing, threats, intimidation, harassment, etc.

It is not surprising Epik was subpoenaed for information regarding ongoing investigations. It appears there were parties connected to the 1/6 insurrection, among many other bad actors.

Brad
 
4
•••
It is not surprising Epik was subpoenaed for information regarding ongoing investigations. It appears there were parties connected to the 1/6 insurrection, among other bad actors.
Oh, yeah, I'm pretty sure this has been discussed already but I found some notes in one of the tables that said not to tell certain customers about some subpoenas that Epik had received. Looks like Epik handed some data over to the FBI and didn't want the customers finding out about it. O_o
 
7
•••
BitMitigate was providing Cloudflare-like services to a very infamous Nazi website with a USSR ccTLD. Monster supposedly dropped them as soon as he found out about it but I believe Epik was pretty tight with BitMitigate before they merged. If he didn't know about the company's connections he should have done his research and made sure all the kinks were worked out long before they merged. He was also hosting Joey Camp's website, all the way up to the moment Rebel.com suspended the domain, despite promising to take it down during the conference call. That's a doxxing website, I don't think that shit is acceptable. You're trying to split hairs over some stupid semantic game. Fine, Epik doesn't host Gab or Parler but they developed a reputation for themselves based on the fact that they were willing to accept registrar customers that other registrars don't want to touch. That's what made Anonymous interested in Epik's data, that's why they suffered this particular hack. They need to fix their security and they should seriously reconsider their business practices, why are you still deflecting from that?


I am not deflecting from the Hack .. The Security Issues .. just the personal attacks ..
 
0
•••
Oh, yeah, I'm pretty sure this has been discussed already but I found some notes in one of the tables that said not to tell certain customers about some subpoenas that Epik had received. Looks like Epik handed some data over to the FBI and didn't want the customers finding out about it. O_o

I am sure the customers had figured that out lol …
 
0
•••
Free speech is not an unlimited right that covers nefarious actions like doxxing, threats, intimidation, harassment, etc.

We all agree that there are some limitations to Free Speech.

But, does anyone have the right to dictate what people can or can not do with their domain name, website, content, or memberships if those people haven't violated the TOS or any of the laws?

Can the Registrar, Registry, or Hosting Companies arbitrarily pick and choose which controversial groups they want to keep and which ones they want to silence (cancel) based on what is aligned with their own ideologies and preferences?

IMO
 
3
•••
I agree. You can scream "free speech" all you want, but a lot of stuff that was going on was not that.

Free speech is not an unlimited right that covers nefarious actions like doxxing, threats, intimidation, harassment, etc.

It is not surprising Epik was subpoenaed for information regarding ongoing investigations. It appears there were parties connected to the 1/6 insurrection, among many other bad actors.

Brad

because I wasn’t .. and am not a member of those sites .. I wouldn’t know .. I have never even read posts off the sites that have been named in this thread …. But it will all work itself out ..
 
2
•••
I am not deflecting from the Hack .. The Security Issues .. just the personal attacks ..

Nobody is trying to defame your friend, they're criticizing him for making so many poor life choices and business decisions.

They're not personal attacks, they're professional attacks because he made a lot of stupid business decisions. You keep saying it's not a deflection but it really feels like a deflection. "Stop attacking my friend, stop discussing how badly he screwed up the security and how he likes helping fashy types with internet services." Remember that was the motive for the hack. I don't have anything else to say to you.
 
2
•••
But, does anyone have the right to dictate what people can or can not do with their domain name, website, content, or memberships if those people haven't violated the TOS or any of the laws?

Can the Registrar, Registry, or Hosting Companies arbitrarily pick and choose which controversial groups they want to keep and which ones they want to silence (cancel) based on what is aligned with their own ideologies and preferences?

IMO

I mean, the only real reason a website would be suspended is either a legal or TOS issue really.

Private companies like registrars, hosts, etc. can largely set their own TOS.

GoDaddy gave the Texas right to life whistleblower website the boot for doxxing reasons. They were attempting to collect and store private 3rd party information, including medical records. That violated GoDaddy's TOS (and maybe the law).

I saw a bunch of Epik fans attack this decision by GoDaddy.

Epik then told them they would not allow that website either. It is a violation of their TOS as well.

Private companies largely decide where the line is when it comes to deciding who they do business with.

Brad
 
6
•••