alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[noneisnone]

the real question what changed at first we were told only a percentage of the users info was leaked now we find out the whole server ?

 

[Derek Peterson]

@DN Playbook not to pile on here you guys are doing enough ^^ but i don't think anyone involved in cyber security or anything tech related is gonna claim epik as his employer it would deduct from his years of experience and probably never be able to find a job again

the real question here is can it get any worst ? the whole server was leaked the fok

We haven't heard anything about the web hosting side of things. I'm sure all those server logins are probably in data as well. All their hosting customers sites are probably getting hacked as we speak. EPIK also has an email service, probably also compromised 100%.

 

[bmugford]

the real question what changed at first we were told only a percentage of the users info was leaked now we find out the whole server ?

Well, there are really only two possible options -

1.) They didn't know the extent.
2.) They did know the extent and mislead/lied.

Neither option is that reassuring.

Brad

 

[noneisnone]

@bmugford from the epik side of things they seem to downplay the situation but am asking from the hackers/reporters perspective from what i know the data was made public was there another dump that was released ?

 

[bmugford]

@bmugford from the epik side of things they seem to downplay the situation but am asking from the hackers/reporters perspective from what i know the data was made public was there another dump that was released ?

Yes, earlier today.

New leak of Epik data exposes company’s entire server

https://www.dailydot.com/debug/anonymous-new-epik-leak/

WhiskeyNeon, a Texas-based hacker and cybersecurity expert who reviewed the file structure of the leak, told the Daily Dot how the disk images represented Epik’s entire server infrastructure.

“Files are one thing, but a virtual machine disk image allows you to boot up the company’s entire server on your own,” he said. “We usually see breaches with database dumps, documents, configuration files, etc. In this case, we are talking about the entire server image, with all the programs and files required to host the application it is serving.”

The data includes API keys and plaintext login credentials for not only Epik’s system but for Coinbase, PayPal, and the company’s Twitter account.

 

[Embrand]

I wonder who is going to use Epik's BitMitigate after this...

 

[noneisnone]

can anyone explain to me how epik is still up and running after all of this ? i mean there is no security measure you can take at this point other than start from scratch

 

[Derek Peterson]

I wonder who is going to use Epik's BitMitigate after this...

Well the upside to having a bunch of Maga and Q folks for customers is that they will believe about anything. The only way those people will stop using EPIK, even after all of this, is if some actual serious crimes are revealed or if it is revealed EPIK was a fed honeypot all along.

 

[DN Playbook]

I agree, but what are they really going to say?

Indeed, options are limited. But at least provide some info on how to protect yourself as a customer, mitigation plan, strategy, etc. From a pr perspective. Even though technically it is a mountain to climb. As Jesus said, with a little faith you can move mountains. Minimizing things is not going to work. Unless they (Rob) have been advised by lawyers not to say anything else.

 

[Jona4s]

Hey don't delete my posts. I'm just a black cat, I don't bite I swear.

(ฅ^♡ﻌ♡^ฅ) I'm full of love

 

[Kirtaner]

It will be interesting watching the inevitable continuing exodus of domains homed with Epik.

 

[Derek Peterson]

It will be interesting watching the inevitable continuing exodus of domains homed with Epik.

Not gonna happen unless you prove actual crimes or honeypot. They are maga and Q people, they'll believe anything as a cope. And, in their minds they are already "exposed" so why bother moving. Most of them won't even care or blame Epic at all. In fact, it might end up being used as marketing. eg. The gab hack and all the "nazi" and "fascist" accusations helped gab raise millions.

I honestly can't tell if both sides are just incredibly not self aware or if you are all working together to incite and divide people and it is all just a big show.

 

[Kirtaner]

Not gonna happen unless you prove actual crimes or honeypot. They are maga and Q people, they'll believe anything as a cope. And, in their minds they are already "exposed" so why bother moving. Most of them won't even care or blame Epic at all. In fact, it might end up being used as marketing. eg. The gab hack and all the "nazi" and "fascist" accusations helped gab raise millions.

I honestly can't tell if both sides are just incredibly not self aware or if you are all working together to incite and divide people and it is all just a big show.

They were down 9 percent in inventory yesterday.

 

[Derek Peterson]

They were down 9 percent in inventory yesterday.

That could just be a big domainer moving a block of domains. These domain companies don't make much money on domains, they make it on the upsells like "security features" lol, hosting, email, etc etc. Look at godaddy revenues.

Also, EPIK just got $32,000,000 from some investor. I'm sure he lied about customer numbers, as his pal Torba does, so prove active customers and get him used by investor.

 

[bmugford]

Not gonna happen unless you prove actual crimes or honeypot. They are maga and Q people, they'll believe anything as a cope. And, in their minds they are already "exposed" so why bother moving. Most of them won't even care or blame Epic at all. In fact, it might end up being used as marketing. eg. The gab hack and all the "nazi" and "fascist" accusations helped gab raise millions.

I honestly can't tell if both sides are just incredibly not self aware or if you are all working together to incite and divide people and it is all just a big show.

They were down 9 percent in inventory yesterday.

If you look at the WHOIS data of the top domains holders at Epik, most of the ones with the highest domain counts are domain investors.

Many of these people probably had no clue about the Epik controversy in the last few years. Lots of them are just there for pricing and don't use domain forums or domain blogs that often.

It is impossible to have not heard about this data breach. Epik has sent out a few emails and it is all over news outlets and social media.

If some of the portfolio holders transfer out it is going to be very painful. That is thousands and thousands of domains in one move.

Would you feel comfortable with your portfolio there after this?

Brad

 

[bmugford]

That could just be a big domainer moving a block of domains. These domain companies don't make much money on domains, they make it on the upsells like "security features" lol, hosting, email, etc etc. Look at godaddy revenues.

The vast majority of the domain count there are the domain investors / portfolio holders.

Brad

 

[bmugford]

Also, EPIK just got $32,000,000 from some investor. I'm sure he lied about customer numbers, as his pal Torba does, so prove active customers and get him used by investor.

If fairness is there any citation behind this, or just what someone casually said without any real evidence?

Normally big deals come with strings attached, they don't just hand over $32M in cash.

If anything that might come back to haunt Epik, if it comes to potential legal action against them.

Brad

 

[Derek Peterson]

The vast majority of the domain count there are the domain investors / portfolio holders.

Brad

Yeah, I know. Monster lowered prices to park so he could large domain count and look big to scam an investor. Torba hired a bunch of Nigerians to run human bots. The Right Grift. Should be a movie called The Right Grift about this time in history featuring, Infowars, Q, ProudBoys, Gab, etc.

 

[Derek Peterson]

If fairness is there any citation behind this, or just what someone casually said without any real evidence?

Normally big deals come with strings attached, they don't just hand over $32M in cash.

If anything that might come back to haunt Epik, if it comes to potential legal action against them.

Brad

The first I heard of it was when Monster mentioned it in his live stream a week or so ago. Some billionaire got got apparently.

 

[bmugford]

Yeah, I know. Monster lowered prices to park so he could large domain count and look big to scam an investor. Torba hired a bunch of Nigerians to run human bots. The Right Grift. Should be a movie called The Right Grift about this time in history featuring, Infowars, Q, ProudBoys, Gab, etc.

If I had domains there, I would certainly not feel comfortable now because of both their connections and security failures.

As if the security issue was not bad enough, now some of these domain holders are getting lumped in with the most extreme elements that Epik is known for.

I would expect portfolio holders to be re-evaluating their options at this point.

Brad

 

[Derek Peterson]

If I had domains there, I would certainly not feel comfortable now because of both their connections and security failures.

As if the security issue was not bad enough, now some of these domain holders are getting lumped in with the most extreme elements that Epik is known for.

I would expect portfolio holders to be re-evaluating their options at this point.

Brad

But how much will it hurt EPIK to lose those customers? That is kind of lost leader and the purpose was to get high domain counts to get an investor and get rich and that has already happened. All this publicity might easily make up the difference from losing domainers.

 

[bmugford]

But how much will it hurt EPIK to lose those customers? That is kind of lost leader and the purpose was to get high domain counts to get an investor and get rich and that has already happened. All this publicity might easily make up the difference from losing domainers.

A lot IMO.

There is a reason registrars use loss leader pricing to get registrations and transfers. It leads to all kinds of extra revenue streams from the sale of add-on services, expiry revenue streams, sales commissions, and much more.

Epik is not GoDaddy, a company worth billions. People pulling out thousands and thousands of domains will matter.

I don't think an unprecedented data breach that sees domain holders being lumped in with the extreme elements is real great for business.

Brad

 

[Derek Peterson]

A lot IMO.

There is a reason registrars use loss leader pricing to get registrations and transfers. It leads to all kinds of extra revenue streams from the sale of extra services, expiry revenue streams, sales commissions, and more.

Epik is not GoDaddy, a company worth billions. People pulling out thousands and thousands of domains will matter.

I don't think an unprecedented data breach that sees domain holders being lumped in with the extreme elements is real great for business.

Brad

Maybe, time will tell but if he really just got $32 million he can coast for a long time at a loss and rebuild as the victimized phoenix from the ashes, ugh.

For Monster this was always about getting an investor. Several years ago I was on this very site exposing his fake VPN and posting a bunch of things that exposed his lies, at first he lied and attacked me but I kept posting screen shots until he knew he was exposed then he sent me personal email and begged me to call him so I did, it was like midnight. He profusely apologized and asked me to forgive him for helping torba scam and doing the fake VPN, etc etc and laid on all the Christian brother talk and begged me to give him a day and he would make it all right. He lied. He didn't.

 

[bmugford]

Maybe, time will tell but if he really just got $32 million he can coast for a long time at a loss and rebuild as the victimized phoenix from the ashes, ugh.

For Monster this was always about getting an investor. Several years ago I was on this very site exposing his fake VPN and posting a bunch of things that exposed his lies, at first he lied and attacked me but I kept posting screen shots until he knew he was exposed then he sent me personal email and begged me to call him so I did, it was like midnight. He profusely apologized and asked me to forgive him for helping torba scam and doing the fake VPN, etc etc and laid on all the Christian brother talk and begged me to give him a day and he would make it all right. He lied. He didn't.

I am sorry, but I am taking what Rob says with a grain of salt at this point.

If he really just got $32M though, that is a nice target when it comes to potential legal action against Epik over this data breach. It seems like almost every security expert is in agreement that their handling of customer's data was unacceptable.

Brad

 

[Jona4s]

@ https://www.registrarowl.com/Epik
@ https://dailychanges.domaintools.com/