alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Derek Peterson]

Technically he owned the code and the engineers worked for him, so not a white label. Must have been some conversation when they refused to give access. Job security.

If he didn't have access to it then he didn't own it. He probably did some license deal.

 

[Derek Peterson]

Probably because they don't want to be targeted by Joey Camp or one of the countless other fascist assholes who have a vested interest in keeping that information from getting out. Journalists have been getting doxxed non-stop since the first dump, people have very reasonable justifications to not want their name associated with their research in this case.

So they in turn dox a bunch of people they don't agree with. What a world.

 

[FiniteCrystal]

If he didn't have access to it then he didn't own it. He probably did some license deal.

The implication I got from the Jitsi meeting was that Epik owned the code and employed this "captive" development team that didn't want to share it with the rest of the company. I don't think Rob Monster is a very effective communicator, so maybe I misunderstood what he was trying to say, but that's what it sounded like to me.

 

[FiniteCrystal]

So they in turn dox a bunch of people they don't agree with. What a world.

No, they publicly shame those people by making their names public. I haven't seen any researchers post any street addresses or similar information publicly. Doxxing is supposed to be disallowed on Twitter, researchers and journalists that aren't hack frauds don't get the same inexplicable protections as the likes of Andy Ngo, so they have to respect the rules to avoid getting banned. Not that they actually want to do such a thing in the first place.

 

[mr-x]

Probably because they don't want to be targeted by Joey Camp or one of the countless other fascist assholes who have a vested interest in keeping that information from getting out. Journalists have been getting doxxed non-stop since the first dump, people have very reasonable justifications to not want their name associated with their research in this case.

Or left wing lunatics who think everything they don't like is fascism.

 

[.X.]

Well, it sure looks like from analysis of the data breach that a lot of people have been trying to hide their connections to groups, organizations, websites, etc. Only they can answer why that is if they are so proud of these connections.

Brad

if that turns out to be the case .. then I agree .. there is much to be said by many at this current time .. I guess we will find out in due time

 

[Derek Peterson]

No, they publicly shame those people by making their names public. I haven't seen any researchers post any street addresses or similar information publicly. Doxxing is supposed to be disallowed on Twitter, researchers and journalists that aren't hack frauds don't get the same inexplicable protections as the likes of Andy Ngo, so they have to respect the rules to avoid getting banned. Not that they actually want to do such a thing in the first place.

Just not true.

 

[FernandoBMS]

The so-called "Russian" captive development team is mostly Ukrainian. Monster repeated several times that they (Epik) didn't have access to the code, to the git, and the first time their engineers saw the code was when it was leaked by the hackers.

 

[Derek Peterson]

The implication I got from the Jitsi meeting was that Epik owned the code and employed this "captive" development team that didn't want to share it with the rest of the company. I don't think Rob Monster is a very effective communicator, so maybe I misunderstood what he was trying to say, but that's what it sounded like to me.

IRL no owner would allow the dev team to run wild and not be accountable ro have some code review process in place. They had no real quality checks, obviously. Fox watching the chicken coop.

 

[bmugford]

The so-called "Russian" captive development team is mostly Ukrainian. Monster repeated several times that they (Epik) didn't have access to the code, to the git, and the first time their engineers saw the code was when it was leaked by the hackers.

That is no way to run a company.

Brad

 

[mr-x]

That is no way to run a company.

Brad

Well... it's not a good way.

 

[Derek Peterson]

Rob Monster making false claims about his products and services is nothing new. Here is a thread I started several years ago discussing Epik's DDoS white label. If you are wondering why I started acting nicer later in the thread it is because Rob sent me an email asking me to call him (see attachment). When I called him he apologize profusely for helping Gab commit fraud, lying about his products, calling me names wrongly and went on and on about why he was doing the things he was doing I was right and he was wrong and promised to make it all right in the next days. Of course with a bunch of Christian hyper-spiritual talk, which I fell for. However, he did not makes things right, so I resumed.

https://www.namepros.com/threads/is-epik-coms-bitmitigate-for-real.1133231/

 

[FiniteCrystal]

That is no way to run a company.

Brad

It also doesn't make sense. If that's true the hacker had more access to Epik's registrar server than Epik did. Seems pretty nonsensical to me.

 

[mr-x]

Rob Monster making false claims about his products and services is nothing new. Here is a thread I started several years ago discussing Epik's DDoS white label. If you are wondering why I started acting nicer later in the thread it is because Rob sent me an email asking me to call him (see attachment). When I called him he apologize profusely for helping Gab commit fraud, lying about his products, calling me names wrongly and went on and on about why he was doing the things he was doing I was right and he was wrong and promised to make it all right in the next days. Of course with a bunch of Christian hyper-spiritual talk, which I fell for. However, he did not makes things right, so I resumed.

https://www.namepros.com/threads/is-epik-coms-bitmitigate-for-real.1133231/

I can read all but two digits of his phone number.

 

[Derek Peterson]

I can read all but two digits of his phone number.

I couldn't but reuploaded. Can you still read it?

 

[mr-x]

I couldn't but reuploaded. Can you still read it?

no.

 

[Derek Peterson]

Here are several more examples of me calling out Rob Monster on this site for making false claims.

https://www.namepros.com/threads/wh...-and-rob-monster.1128748/page-55#post-7203420

https://www.namepros.com/threads/wh...-and-rob-monster.1128748/page-55#post-7203431

https://www.namepros.com/threads/wh...and-rob-monster.1128748/page-108#post-7459953

 

[Future Sensors]

The Epik data breach is political in nature — here's why you should care

"Given the prevalence of hacking, it's concerning to see a group of hackers target an organization and its members due to their political beliefs."​

Read more:

https://blog.avast.com/epik-data-breach-avast​

 

[Future Sensors]

The Epik data breach is political in nature — here's why you should care

"Given the prevalence of hacking, it's concerning to see a group of hackers target an organization and its members due to their political beliefs."​

Read more:

https://blog.avast.com/epik-data-breach-avast​

From the article:

The breach mentioned previously took place within the US, so the GDPR does not apply [...]​

But it's not that simple:

https://gdpr.eu/compliance-checklist-us-companies/​

https://blog.netwrix.com/2020/03/27/gdpr-in-the-us/

https://termly.io/resources/articles/gdpr-in-the-us/​

 

[FiniteCrystal]

The Epik data breach is political in nature — here's why you should care

"Given the prevalence of hacking, it's concerning to see a group of hackers target an organization and its members due to their political beliefs."​

Read more:

https://blog.avast.com/epik-data-breach-avast​

This strikes me as avast! concern trolling about "[political opinions], [...] racial or ethnic origin, religious or philosophical beliefs, or trade union membership, [being] used to discriminate against people throughout history", while completely disregarding the fact that the political opinions of the subset of Epik's customers that inspired the hack are in favor of such discrimination. Very tonedeaf.

 

[DN Playbook]

From the article:

The breach mentioned previously took place within the US, so the GDPR does not apply [...]​

But it's not that simple:

https://gdpr.eu/compliance-checklist-us-companies/​

https://blog.netwrix.com/2020/03/27/gdpr-in-the-us/

https://termly.io/resources/articles/gdpr-in-the-us/​

Does this mean that Epik has legal liability for clients in the EU? How would that work? Since Epik does not have presence outside the US, AFAIK. How would that law be enforced? As far as I can see GDPR would be enforceable only for companies that have legal presence in countries that are part of the EU.

 

[FiniteCrystal]

Does this mean that Epik has legal liability for clients in the EU? How would that work? Since Epik does not have presence outside the US, AFAIK. How would that law be enforced? As far as I can see GDPR would be enforceable only for companies that have legal presence in countries that are part of the EU.

I'm not a lawyer, but I believe they're required to comply with European data privacy laws if they accept clients in the EU.

 

[FernandoBMS]

Also, is it already clear where the hacked data was stored? I don't doubt it was stored on a server in the UK or Crimea, for example.

 

[.X.]

Does anyone think the Facebook .. Instagram and WhatsApp could be more possible hacking ???

so far as I know of .. Epik .. oath keepers .. are definite hacks with leaks .. I think there is 1 more as well ??

 

[carob]

Does this mean that Epik has legal liability for clients in the EU? How would that work? Since Epik does not have presence outside the US, AFAIK. How would that law be enforced? As far as I can see GDPR would be enforceable only for companies that have legal presence in countries that are part of the EU.

GDPR does apply to Epik, as well as GDPR non-compliance fines:

Law applying outside Europe:
https://www.namepros.com/threads/epik-had-a-major-breach.1252094/page-32#post-8399821

Fines:
https://www.namepros.com/threads/epik-had-a-major-breach.1252094/page-33#post-8400039

Example amounts of fines:
https://www.namepros.com/threads/epik-had-a-major-breach.1252094/page-33#post-8399925