alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Future Sensors]

Epik Fail was in Rolling Stone today.

Thank you. Epik and RM are mentioned a couple of times in the article.

The article can be found on the original website and in Google Cache.

A Pro-Choice Hacking Team Defaced the Texas GOP Website. So We DM’d Them
Hackers speak out after one the biggest leaks of far-right data ever​

https://www.rollingstone.com/politi...m-that-defaced-the-texas-gop-website-1238782/
​

 

[branding]

It now looks like the "Struggle Session" thread Rob posted on the other website has been fully deleted.

It shows -

Oops! We ran into some problems.
The requested thread could not be found.

The memory holing is not going to work.

#memoryhole

Brad

It's still there. Only accessible to logged in users though. They've labelled it as controversial.

Edit: it's public again.

 

[Future Sensors]

It's still there. Only accessible to logged in users though. They've labelled it as controversial.

So controversial content is only shown to members. I'm sure there's a market for that.

 

[Wali Dahot]

A message to Epik, as its source code has now been made public and is under public investigation. Check your 2FA / PIN code generation procedure, and that it has not been tampered with. Make sure that it has the greatest possible degree of randomness. And rebuild everything.

https://resources.infosecinstitute....ques-for-attacking-two-factor-authentication/

I was not getting 2FA codes to my mobile last week so I contacted support via Live Chat and the guy said he will forward the complaint to the management. I somehow started getting 2FA messages the next day so I thought my issue was resolved.
But I recieved a message yesterday from Ian at Epik asking for my account PIN, I ignored and deleted it as the issue was already resolved but now after reading the article, I am suspicious of a social engineering attempt as mentioned in the article.

 

[Windoms]

Someone logged into my microsoft account, didnt find anything, left.
Couple days later someone logged into a streaming service account of mine, found a credit card on file, changed the email, but not the password.
I received an email with "email changed to xxxx", logged in using that email, same password, logged in, changed email back to mine, changed password.

Reality is the vast majority of people have one email, and one password for everything.
If they are cautious, they will use a different password for their email adress, and another one for the other services. Not a different password for each service like you guys are saying.

This leak is going to mess up a lot of people's lives, they are literally trying to login everywhere and look for stuff.

Us happen to be on namepros, but many that have no idea what namepros is have already been screwed by epik's silence.

 

[Windoms]

Think this good ol lady from texas has a different gmail password?
Think she bothered to change her passwords everywhere?
Maybe, had epik told people to do that (change passwords everywhere, they never did it, up until now).
Instead they are focused on keeping their domains, at the expense of others.
Calling for prayer here, cursing the data there.

All while ignoring basic procedure.
...

 

[Future Sensors]

Think this good ol lady from texas has a different gmail password?
Think she bothered to change her passwords everywhere?
Maybe, had epik told people to do that (change passwords everywhere, they never did it, up until now).
Instead they are focused on keeping their domains, at the expense of others.
Calling for prayer here, cursing the data there.

All while ignoring basic procedure.
...

Show attachment 201758

That review, on that date, was remarkable to say the least.

 

[Windoms]

That review, on that date, was remarkable to say the least.

It was on the date epik finally sent their email acknowledging the hack, I guess the lady was trying to be supportive and she visibly doesnt understand the situation.

Epik entitled the email
"For affected epik customers"

And used wording such as
"What personal information may have been obtained"

I understand PR.
But hackers made it clear that all usernames and all passwords for all epiks customers were leaked; in their first and initial announcement.
So at least, even if you dont believe in it 100%, keep the PR talk, but apologize, warn people, and tell them to change their passwords everywhere. All while being active in coverups.

Basic logic and procedure.

Especially for a such Believer that should have love respect at least some consideration for people.

 

[Future Sensors]

It was on the date epik finally sent their email acknowledging the hack, I guess the lady was trying to be supportive and she visibly doesnt understand the situation.

The history of this lady (or is it a man, IRL?) is interesting. She has a rather remarkable history on Trustpilot. Let me put it bluntly, I have serious doubts about the legitimacy of her reviews. I wonder about that from many reviews on the Internet, not only about Epik. For the people who are convinced by this lady, it has now become clear that this lady gives wrong advice. Poor people. But fascinating 5 reviews indeed. Thank you Sandy.

https://www.trustpilot.com/users/6140e26c4935a600133c6a8a

 

[Jurgen Wolf]

I can't log in to Epik today...
Looks that their FederatedIdentity is down at least for my location...

 

[tonyk2000]

The history of this lady (or is it a man, IRL?) is interesting.

https://thispersondoesnotexist.com ? Refreshing it a few times would show exactly the same photo style...

 

[bmugford]

The history of this lady (or is it a man, IRL?) is interesting. She has a rather remarkable history on Trustpilot. Let me put it bluntly, I have serious doubts about the legitimacy of her reviews. I wonder about that from many reviews on the Internet, not only about Epik. For the people who are convinced by this lady, it has now become clear that this lady gives wrong advice. Poor people. But fascinating 5 reviews indeed. Thank you Sandy.

https://www.trustpilot.com/users/6140e26c4935a600133c6a8a

Show attachment 201765

I wish there was a website like FakeSpot (for Amazon reviews) to rate the review quality on these type of sites. I see lots of reviews on those type of websites that seem of dubious quality.

Brad

 

[Future Sensors]

I wish there was a website like FakeSpot (for Amazon reviews) to rate the review quality on these type of sites. I see lots of reviews on those type of websites that seem of dubious quality.

Fortunately, Trustpilot has a good review on Wikipedia.

I'm really glad Epik is using TrustRatings.com on their own premises (contact: [email protected]).

Of the 38 followers on https://twitter.com/trustratings/followers most are Epik staff.

 

[Windoms]

The history of this lady (or is it a man, IRL?) is interesting. She has a rather remarkable history on Trustpilot. Let me put it bluntly, I have serious doubts about the legitimacy of her reviews. I wonder about that from many reviews on the Internet, not only about Epik. For the people who are convinced by this lady, it has now become clear that this lady gives wrong advice. Poor people. But fascinating 5 reviews indeed. Thank you Sandy.

https://www.trustpilot.com/users/6140e26c4935a600133c6a8a

Show attachment 201765

I visited her profile and saw the same, long ago.
She has 5 total reviews, 2 of which are epik, all are after the breach.
You cant know for sure and youd be just running after flies. Theyve done worse, when it comes to schemes and manipulation, so forget about that lady.
Fact is there are many ignorant/naïve people that took this lightly as a result of epik's lack of responsibility.
All benefits for thieves and scammers.

 

[tonyk2000]

And whatever they come up with, rebranding is a must:

 

[Jurgen Wolf]

I can't log in to Epik today...
Looks that their FederatedIdentity is down at least for my location...

Show attachment 201772

So nobody, only for me FI is down (see screenshot)?

 

[tonyk2000]

So nobody, only for me FI is down (see screenshot)?

It works (just checked from different countries / locations). They changed a lot of IPs recently (if not all). It is likely that an old IP is cached by your DNS server(s).

 

[Jurgen Wolf]

Recently???
Yesterday were no problems.

 

[Future Sensors]

And whatever they come up with, rebranding is a must:

Trust Ratings, an Epik project, knows how to handle this.

https://twitter.com/x/status/1394344161042747398

 

[Jurgen Wolf]

@tonyk2000
Thanks for your DMs, I have the same IPs of FederatedIdentity - and nothing works for me today, I can't log in...
At least for Ukraine it doesn't work (down)...
OR today they banned all Ukrainian IP ranges???

 

[Jurgen Wolf]

Rob just solved it via DM, whitelisted my IP - and now it works!
Thank you.

 

[.X.]

Someone logged into my microsoft account, didnt find anything, left.
Couple days later someone logged into a streaming service account of mine, found a credit card on file, changed the email, but not the password.
I received an email with "email changed to xxxx", logged in using that email, same password, logged in, changed email back to mine, changed password.

Reality is the vast majority of people have one email, and one password for everything.
If they are cautious, they will use a different password for their email adress, and another one for the other services. Not a different password for each service like you guys are saying.

This leak is going to mess up a lot of people's lives, they are literally trying to login everywhere and look for stuff.

Us happen to be on namepros, but many that have no idea what namepros is have already been screwed by epik's silence.

There is eyes on em ... Its the confidence of the criminal element that gets them caught .. Some things never change with time... the criminal element is one of them ...

 

[Future Sensors]

There is eyes on em ... Its the confidence of the criminal element that gets them caught .. Some things never change with time... the criminal element is one of them ...

Which does not mean that this is done by the same group as the original female EPIK hackers. Data from the EPIK systems and its customers are now freely available to everyone on the Internet, possibly for a fee. And it looks like it's being put to considerable use, pretty soon after the leaks happened.

 

[.X.]

Which does not mean that this is done by the same group as the original female EPIK hackers. Data from the EPIK systems and its customers are now freely available to everyone on the Internet, possibly for a fee. And it looks like it's being put to considerable use, pretty soon after the leaks happened.

I agree 100%... that is the biggest problem with the Epik hack... the data was released to the public and there was no cherry picking of the data released to my knowledge... with what you posted it appears the data has now been parsed and unauthorized use attempts are being performed

 

[DN Playbook]

I'm really glad Epik is using TrustRatings.com on their own premises (contact: [email protected]).

Of the 38 followers on https://twitter.com/trustratings/followers most are Epik staff.

Acquiring sites such as trustratings and the other domain forum sure gives the impression that RM wants to control the conversation. This is also seen from the amount of staff and proxy accounts on NP. It seems that organic and unbiased feedback does not go his way.