alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[branding]

Anyone not able to login to EPIK now? I am unable to, despite password change.

Same here. Cannot login even though I changed my password after the breach and it worked fine just after that.

Same:

 

[karmaco]

I have been logged in and out for hours. Do you have 2 factor on?

Everyone should have 2 factor on.

 

[MasterOfMyDomains]

Loading fine in Canada. Thank God

 

[Derek Peterson]

Same:

Show attachment 201128

Looks like Epik reset passwords. I can not login with old password.

 

[jmcc]

Seems to have been a third release with more server boot images. This latest release includes some US Republican Party/GOP data.

Regards...jmcc

 

[Derek Peterson]

Seems to have been a third release with more server boot images. This latest release includes some US Republican Party/GOP data.

Regards...jmcc

Wow. So now they are going after sites hosted with Epik. That is exactly what I was afraid of. I assume texas gop is hosted with epik, their domain is there and they were hacked soo...probably. What a disgrace.

 

[jmcc]

Wow. So now they are going after sites hosted with Epik. That is exactly what I was afraid of. I assume texas gop is hosted with epik, their domain is there and they were hacked soo...probably. What a disgrace.

Hosted on an Epik IP address. The IP is still the same since at least August 2021.

Regards...jmcc

 

[Derek Peterson]

Hosted on an Epik IP address. The IP is still the same since at least August 2021.

Regards...jmcc

Thanks. I think we are going to see a lot more of this. Maybe hundreds of more websites hosted at Epik will suffer same fate.

 

[Future Sensors]

Seems to have been a third release with more server boot images. This latest release includes some US Republican Party/GOP data.

Thanks for the heads up @jmcc

3rd leak:

https://www.dailydot.com/debug/anonymous-texas-gop-epik/

 

[jmcc]

Thanks. I think we are going to see a lot more of this. Maybe hundreds of more websites hosted at Epik will suffer same fate.

If that happens then it is going to be a major law enforcement issue beyond what it is already. So far the actions seem to have been politically motivated.

Regards...jmcc

 

[Future Sensors]

It's a complicated mess - In the UK I think it would be Cyber & Data Risk Insurance but you might also need online business insurance mixed in with product liability insurance, so most likely a bespoke plan....

I'm no expert by any means on UK Insurance policies and would not even know where to begin for other countries

It's getting more difficult to insure these things.

Google Translated article, Dutch to English:

It is more difficult for companies to insure cyber attacks
https://www-bnr-nl.translate.goog/n...l=nl&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=nui

The original article in Dutch, published today:
https://www.bnr.nl/nieuws/technologie/10455371/bedrijven-kunnen-cyberaanvallen-moeilijker-verzekeren

 

[Derek Peterson]

If that happens then it is going to be a major law enforcement issue beyond what it is already. So far the actions seem to have been politically motivated.

Regards...jmcc

Is there a way to create a list of all the websites hosted at epik. Maybe think of some of the largest right wing websites and check? eg infowars.com

 

[Derek Peterson]

@Paul in the data are you able to see a list of all the websites hosted at Epik?

 

[Future Sensors]

@Paul in the data are you able to see a list of all the websites hosted at Epik?

At this point, it's not a wise thing to encourage someone to download the data, especially not @Paul.

 

[Derek Peterson]

At this point, it's not a wise thing to encourage someone to download the data, especially not @Paul.

He already has and given helpful reports in this very thread about the contents.

 

[branding]

Looks like Epik reset passwords. I can not login with old password.

Can't login on any of my clients accounts. Anybody got a reset email?

 

[Mr. Glomar]

Oh my, not again! Looks like they might be rebranding to "Fail".

 

[Jurgen Wolf]

I logged in 2 times today without issues.
Probably, because 2FA SMS is enabled for me.

 

[Bertrell]

I was able to log in successfully. I think that the fact that I have 2FA (Authy) enabled helped, as @karmaco and @Jurgen Wolf mentioned earlier. I'm in Southern California.

 

[Derek Peterson]

Oh my, not again! Looks like they might be rebranding to "Fail".

Is that just a mock up or did they actually put that up on their epik website?

 

[Future Sensors]

Epik Data Breach – Class Action Investigation

https://chimicles.com/epik-data-breach-class-action-investigation/

Chimicles Schwartz Kriner & Donaldson Smith is investigating a potential class action lawsuit related to reports that the domain registrar and web hosting company, Epik, was the victim of a recent data breach involving the personal data of 15 million Epik customers and non-customers. In an email that Epik sent to its users notifying them of the breach, it reported that the hackers obtained “payment information including credit card numbers, registered names, usernames, emails, and passwords.” As such, Epik has instructed its users to “contact any credit card companies that [they] used to transact with Epik and notify them of a potential data compromise to discuss your options with them directly.”


The California Consumer Privacy Act of 2018 (“CCPA”) requires businesses to implement and maintain reasonable security procedures and practices to protect consumers’ personal information, and is violated any time a data breach reveals a consumer’s “[a]ccount number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.” Civ. Code § 1798.150(a)(1); Civ. Code § 1798.81.5(d)(1)(A).


If you have been notified—or have reason to believe—that your personal information may have been compromised, please contact the attorney(s) listed below.

Attorneys for this case:

Benjamin F. Johns
Mark B. DeSanto
Samantha E. Holbrook

About the firm:

Chimicles Schwartz Kriner & Donaldson-Smith LLP (CSK&DS) is a leading national class action law firm which specializes in prosecuting complex federal and state class action litigation throughout the nation. We seek to obtain justice for our clients, ensuring their rights are vindicated and their interests are protected. Our experienced and dedicated litigators are ready to advance the interests of clients, and the rights of consumers and shareholders, by recovering the money they have lost, and obtaining the relief to which they are entitled. To achieve the best result for our clients, we are prepared to go to trial on every case. We will not settle unless it is in our clients’ best interests to do so.​

 

[branding]

If you can't login, requesting a password reset works.... Make sure your email is secured though.

 

[koolishman]

If you can't login, requesting a password reset works.... Make sure your email is secured though.

Will try that. Thanks.

 

[FiniteCrystal]

I literally didn't even look at the URLs of the websites I copied and pasted nor do I know those websites. I think you are really just angry because you were wrong and I was right. Canada does have "hate speech" laws regarding LGBT talk so it is very possible some epik customers could actually get put in prison for their speech after being exposed by hack.

Also, my beliefs are my own. I am not accountable to you so don't even tell me what to believe.

This is an amazing self-own. Thanks for admitting that you didn't even bother to read the first paragraph of the articles that you used as sources for your ludicrous claim. As previously stated, I agree with Canada and most of Europe who consider hate speech as a common sense exception to free speech. The same way you can't yell "FIRE!" in a crowded theater, you shouldn't be able to broadly disseminate hate speech that results in the stochastic targeting of marginalized communities. SCOTUS's position on this issue is very poorly thought out and not good. I wasn't wrong and if I was I wouldn't be angry, you just admitted that you "just [googled]" and didn't even bother to check your sources.

I'm not telling you what to believe, I'm just dutifully doing my part to combat the hatred that makes the world more dangerous for people like me.

 

[carob]

Canada does have "hate speech" laws regarding LGBT talk so it is very possible some epik customers could actually get put in prison for their speech after being exposed by hack.

You've provided some interesting info about Rob Monster's business practices and your dealings with him, especially in relation to Bit mitigate. I don't think you need to repeat it - a post giving a concise summary of your points would close the subject. People are entitled to their religious beliefs, but surely they need to comply with the law? And surely people following the teachings of Jesus would not want to incite hatred, or harm to others, or facilitate harm to others?

This might be a misinterpretation, but have you been implying there are people who specifically went to Epik to ensure their religious freedom, or to express their religious thoughts in a way that would avoid harsh consequences? That would be an interesting new angle on Epik customer acquisition, and possible reasons for the hack.