Dynadot

alert Epik Had A Major Breach

NameSilo
Watch

Silentptnr

Domains88.comTop Member
Impact
47,106
Last edited:
33
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
The Gab/Parler situations showed how that is not such a serious issue at a registrar/hosting level because it was possible to move the domain name and hosting elsewhere.

Regards...jmcc

They were arbitrarily kicked out by the Registrar not as a result of a judgment by a Panel of Judges.

IMO
 
0
•••
They were arbitrarily kicked out by the Registrar not as a result of a judgment by a Panel of Judges.

IMO

The private company is the judge of who they want to do business with. That is how the free market works.

Brad
 
3
•••
3
•••
Fellas, maybe going in circles forever would be better in a different thread 😜

I'm sure there are still a lot of people just learning about the Original Topic, and it's already gonna be a nightmare digging through so many pages for relevant info. Most simply won't do it.

I think at a certain point it would be far more useful to have a succinct thread of facts without all the discussion.

Right now people mostly just need pertinent advice about what they need to do to secure their account, what passwords need changed, what financial details may be floating around out there now, etc.

There's already several long threads about the pros/cons/discussion of Epik & R.M.
 
Last edited:
17
•••
I wasn't aware of Epik hosting all these disgusting sites. Has Rob Monster ever given a public opinion on why he is OK with hosting this stuff?

I would assume he has the argument of freedom of speech, but you have to draw the line somewhere and I can't help but to wonder how you can go to sleep at night knowing that you are hosting sites for groups that advocate and promote terrorism.

I don't like to judge until I hear a person defend himself...until I hear them speak for them self before I decide what to think about a controversy, but so far all of this comes as an extreme shock! 🤯 Like WTF!?
 
Last edited:
0
•••
I wasn't aware of Epik hosting all these disgusting sites. Has Rob Monster ever given a public opinion on why he is OK with hosting this stuff?

I would assume he has the argument of freedom of speech, but you have to draw the line somewhere and I can't help but to wonder how you can go to sleep at night knowing that you are hosting sites for groups that advocate terrorism.

I don't like to judge until I hear a person defend himself...until I sl hear them speak for the self before I decide what to think about a controversy, but so far all of this comes as an extreme shock! 🤯 Like WTF!?

They are pretty well known for the extreme content that they allow, and sometimes court.
Wikipedia highlights that fact.

https://en.wikipedia.org/wiki/Epik_(company)

In fact, that Wikipedia entry lead to a Wiki editor named Molly White being targeted and harassed, bullied, doxxed, and threatened.

More info -

https://www.namepros.com/threads/epik-wikipedia-battle-is-full-on-right-now.1186029/
https://www.namepros.com/threads/please-sign-this-petition-to-help-mr-rob-monster.1186329/

You can read Molly White's response here -
https://blog.mollywhite.net/response-to-the-changeorg-petition-about-me/

Some other threads worth a read -

https://www.namepros.com/threads/whats-going-on-with-epik-and-rob-monster.1128748/
https://www.namepros.com/threads/an-epik-statement-on-racism-and-injustice.1194949/

In those threads you can read Rob Monster's own words and see how you feel.

Brad
 
Last edited:
7
•••
Fellas, maybe going in circles forever would be better in a different thread 😜

My last post on the subject:

I am not saying that certain websites shouldn't be taken down, all I am saying is that if a website is going to be taken down it has to be as a result of a judgment by a panel of judges and not based on the interests, agendas, and Ideologies of the Registrars, Registries, or Hosting Companies.

Their TOS should only be applied to clear cut cases that are in violation of the law, everything else has to be decided by a panel of judges. (end of story)

IMO
 
3
•••
I wasn't aware of Epik hosting all these disgusting sites. Has Rob Monster ever given a public opinion on why he is OK with hosting this stuff?

I would assume he has the argument of freedom of speech, but you have to draw the line somewhere and I can't help but to wonder how you can go to sleep at night knowing that you are hosting sites for groups that advocate and promote terrorism.

I don't like to judge until I hear a person defend himself...until I hear them speak for them self before I decide what to think about a controversy, but so far all of this comes as an extreme shock! 🤯 Like WTF!?
Just look at facts.

A company has been boasting about its security and privacy.
Yet this was hiding under the rug.

On a sidenote, attracting extremists on a single platform while promoting security is the dumbest thing ever because you will inevitably become the target of hackers and governement organizations of all sorts (even foreign China Russia) for the sole reason of hosting such people.

Like hey Im Mr China/Russia I want to contact and fund the owners of everyonewhocoulddestroyamericansociety.com, lets hack epik.
Or a Chinese dissident chooses epik for its Chinese politics forum because it seems like a secure registrar.

Bound to happen, when you label a company as THE place for deviants, extremists, and dissidents.
And now everyone knows about it.
 
8
•••
On a sidenote, attracting extremists on a single platform while promoting security is the dumbest thing ever because you will inevitably become the target of hackers and governement organizations of all sorts (even foreign China Russia) for the sole reason of hosting such people.

Like hey Im Mr China/Russia I want to contact and fund the owners of everyonewhocoulddestroyamericansociety.com, lets hack epik.
Or a Chinese dissident chooses epik for its Chinese politics forum because it seems like a secure registrar.

Bound to happen, when you label a company as THE place for deviants, extremists, and dissidents.
And now everyone knows about it.

I am not a conspiracy theorist... but get a bunch of extremists using one company, then one of the most complete data breaches in history happens. Names, addresses, passwords, credit cards, VPN records, and much more.

This a real honeypot for law enforcement.

Brad
 
Last edited:
4
•••
Last edited:
2
•••
This a real honeypot for law enforcement.

As a security professional, I would like to point out that the term "honeypot" in security refers to setting up a shadow system with fake data, which is intended to attract hackers and learn from new attack techniques. In Epik's case, unfortunately, it was about real data.
 
11
•••
I am not a conspiracy theorist... but get a bunch of extremists using one company, then one of the most complete data breaches in history happens. Names, addresses, passwords, credit cards, VPN records, and much more.

This a real honeypot for law enforcement.

Brad

As a security professional, I would like to point out that the term "honeypot" in security refers to setting up a shadow system with fake data, which is intended to attract hackers and learn from new attack techniques. In Epik's case, unfortunately, it was about real data.

I don't think Brad meant it literally, but the point is clear. The real data in this case is what is most valuable to law enforcement, journalists etc. exposing extremists and not the attack techniques of potential hackers in the conventional honeypot terminology. PS there are different types of honeypots, but that is another topic. But in this case It's like Epik attracted all these "bad" actors, the ultimate honeypot attracting flies in a creative way of speaking. Flies can be hackers or nazis or jan 6th law breakers, extremists etc. etc.
 
9
•••
I don't think Brad meant it literally, but the point is clear.

You're right. It was more of an addition, to indicate how the term is used in security. In common language it certainly has other meanings as well.
 
7
•••
Apologies if this has been posted already, but see hashtag #epikfail on Twitter.
 
4
•••
9
•••
Hii,
I am new to this whole domain thing; buying, selling domains to make profit. And also, new to NamePros, I should have gone to introduce myself in the forum section, but I guess I will do it later.

I bought a few of them on Epik through Anonymize privacy add-on. They were mostly for long term holding for my future projects.

I can't remember exactly, but I had visited the site in 2020 to learn how domaining works. But registered with Epik I think in May 2021 and bought the one I wanted in May-June 2021. I checked myself on haveibeenpawned website with my email address and it seems I am not afffected.

So, the people who have the data in front of their eyes for whatever reasons, can tell me (or others) with certainty that the data is definitely before Feb2021.

Thank You.
 
Last edited:
3
•••
So, the people who have the data in front of their eyes for whatever reasons, can tell me (or others) with certainty that the data is definitely before Feb2021.
Summarizing the results of my investigation for others with similar questions.

I don't know when the hack occurred or what exactly the hacker had access to, I am almost certain that the database dump was made on February 28, 2021 or March 1, 2021.
 
4
•••
Lets all pray for this man. 🙏
On a brighter note. I got namecheap vpn now. I go to daddy, we need to text u a code. I go to namecheap, we need to text you a code cowboy
I go to epik, click login and wham bamn, thank you masm, i go right to control panel. Maybe you should make everyone login with credentials. Namesilo didnt even remember my username and password with vpn running. Sorry i didnt keep my wurd about posting in thread. At least i am on topic and not trying to hand out milk and cookies
 
3
•••
I go to epik, click login and wham bamn, thank you masm, i go right to control panel.
This is probably the result of FederatedIdentity being responsible for logging you into Epik with OAuth. If you got logged out of Epik's website but didn't need any password, Epik's website is working fine, but since your browser is already logged into FederatedIdentity (the same way you stay logged into Google) and you've already approved the OAuth application, you get logged in instantly. It's possible that Epik wasn't actually logging you out and perhaps you should be logged out of FederatedIdentity as well, but I don't think that's unusual.
 
1
•••
Just a thought semi-related to the subject of this firing.

A few years ago when you could get one word .co at godaddy closeouts, one that I thought about for a couple of minutes was j * 1 * h * @ * d . co

It was a short word! I thought maybe I could make $20 flipping it here.

Then I gave it some thought, and passed... because I would forever regret if I was screened at an airport because of a domain registration. Or worse.

Or worse. You know?

What you register is most likely attached to you, or will get unmasked.

Anyway, a random recollection from years ago.
 
5
•••
Epik now needs to enable username change!
Password - changed!
Email - changed!
Username - unable to change!
 
6
•••
Lets all pray for this man. 🙏
On a brighter note. I got namecheap vpn now. I go to daddy, we need to text u a code. I go to namecheap, we need to text you a code cowboy
I go to epik, click login and wham bamn, thank you masm, i go right to control panel. Maybe you should make everyone login with credentials. Namesilo didnt even remember my username and password with vpn running. Sorry i didnt keep my wurd about posting in thread. At least i am on topic and not trying to hand out milk and cookies

Interesting. You might end up seeing a lot more fallout like that.

There are certainly going to be a lot of people who end up being connected to things they would rather not be connected to.

Agent swept up in hack canned from brokerage for Holocaust views

Joshua Alayon allegedly tried to register a slew of domains such as holocaust-truth.com, theholocaustisfake.com, whitechristianrepublican.com and whitesencyclopedia.com

https://www.inman.com/2021/09/22/agent-swept-up-in-hack-canned-from-brokerage-for-holocaust-views/
 
1
•••
Epik now needs to enable username change!
Password - changed!
Email - changed!
Username - unable to change!
The username is not particularly security sensitive. I don't think it's really used for much. That being said, Epik could probably allow it since they're using sequential numeric IDs for account associations. You don't necessarily have to change your email either, just make sure you change your password and you'll be fine.
 
2
•••
I would forever regret if I was screened at an airport because of a domain registration. Or worse.

It is wise.

Somewhat offtopic here, but once I knowingly dropped a good domain, which (learned this by checking g search results on my domain/term) happened to be similar to another domain (business name) where the owner was sued for something _extremely_ bad. I decided to eliminate even a remote possibility of being (incorrectly) associated with that guy who still owns a domain similar to mine. Naturally, another domainer grabbed the one I dropped and listed it for sale...

As for epik leaked stuff, replacing the leaked account email in all _other_ places is what I'm doing now. Yeah, it is extra time and efforts - but we should now expect more spam, more hacking and social engineering attempts @ other registrars, potential association with "bad boys" should the epik db become _too_ public+searchable (like panama papers for example), etc etc, etc. So, dropping (at least) this email makes sense imo.
 
Last edited:
1
•••
Epik now needs to enable username change!
Password - changed!
Email - changed!
Username - unable to change!
+ Account deletion function. Not all current customers will use Epik after the hack, so why do they need Epik account at all?
 
2
•••
Back