alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Future Sensors]

Also, is it already clear where the hacked data was stored? I don't doubt it was stored on a server in the UK or Crimea, for example.

In their original response it was about some old remote backup. Looked like the company was downplaying the data breach a little bit. I agree that jurisdiction is an important aspect to consider in any legal proceedings. In what geographic region was PII stored and how was it protected? Cloud providers like AWS think about this all the time and offer custom solutions per region.

 

[Derek Peterson]

Have you considered the possibility that Rob Monster may have made a pact with Satan?

It's also possible that his many associations have left him open to blackmail and he has become a puppet - take your pick, extremists, Feds, Russians, Chinese, profiteers pulling the strings.

The ignoring of reported security issues might not be simple ignorance or indifference, it might be avoidance of costs. The whole point of Epik may have been to build it up and sell it on, a kind of pump and dump where admitting security issues and the costs of fixing them would make a sale harder.

Yes, with Rob Monster all things are possible. I have honestly not ever encountered someone as weak and dishonest and unrepentant as Rob Monster in a professional atmosphere. I've read about them and seen documentaries about commercial builders who used shoddy materials and bldgs collapsed, pharma execs who knowingly sold poison and covered up studies or even doctored them and fund managers who lied and destroyed people's life savings. It's always shocking to me how these people never feel sorry, they always play the victim and they always maintain an air of superiority. Monster is the same as these types but he even throws in the whole Christian schtick to help sell, which makes it all even more disgusting.

When I first spoke with Monster I figured he was just a really immature Christian, recently saved from a lifetime of partying and adultery, using carnal means, deceit, lying, covering up evil, etc for what he thought was some greater good eg. protecting free speech, defending Christians, etc, but I pretty quickly figured out he was a fraud and the whole thing was just a grift to get rich and a chance for him to finally feel important.

I do not think he is knowingly in partnership with the Devil, at least not yet, but he certainly is doing his bidding. As far as working with some other group to sell out his customers, I am sure he would and probably find a way to make himself feel like he is doing good when he does it. I still find it highly suspicious that within 60 days of getting $32,000,000 from a mystery investor, for minority stake of common in Epik, (ridiculous valuation) that a monstrous hack happens.

I sincerely believe that Rob Monster entered a reprobate state at some point in his life and is now beyond salvation. This type can learn a lot of doctrine and have some emotional experiences that make them believe they are Christians and stop participating in some sins but the fact of the matter is that they are not saved and they never will be saved. Eventually, as they fail to repent of the harm they cause and hurt to real believers they begin to accept what they are and embrace it fully. That is where Monster is at now. I was just helping sink the spiritual hook.

"Ever learning, and never able to come to the knowledge of the truth. Now as Jannes and Jambres withstood Moses, so do these also resist the truth: men of corrupt minds, reprobate concerning the faith. But they shall proceed no further: for their folly shall be manifest unto all men, as theirs also was."

 

[jberryhill]

As Epik had a massive breach and if they know the hackers involved, it would make sense for them to file a criminal and/or civil complaint against the hackers instead of engaging with them in public, as the hack was indeed extremely illegal.

There seems to be a common popular misconception that private individuals or entities can "file a criminal" complaint as some sort of an alternative or adjunct to filing a civil complaint.

To be clear, private individuals can report crimes to law enforcement authorities, but in the United States one cannot directly prosecute a criminal case. (There is a rare form of "private criminal law enforcement" called a qui tam action, but it is not worth going into not relevant to these circumstances)

Additionally, it would be way too early at this point for law enforcement authorities to have conducted a complete investigation and determined whether there are persons within their jurisdiction to prosecute, or whether the circumstances bear further and deeper investigation.

In either context, engaging with the hackers in public may indeed be something that is useful to do - particularly in the context of seeking admissions that would be useful in a civil case, but sometimes at the request of law enforcement to further their investigation.

Filing an action and enforcing one may, of course, be two different things. Tanya Gersh, for example, was awarded $14M for the abuse inflicted on her by Andrew Anglin, who became hard to find and would certainly have taken advantage of competent legal counsel to advise him on the various risks and potential practical consequences of various courses of action that Anglin might take.

But, in any event, as a private company, one does not independently pursue criminal investigation and prosecution, and there can be practical reasons for not spending money to obtain judgments against the judgment-proof. Conversely, there can be benefits to extracting useful public admissions.

 

[DN Playbook]

But, in any event, as a private company, one does not independently pursue criminal investigation and prosecution, and there can be practical reasons for not spending money to obtain judgments against the judgment-proof. Conversely, there can be benefits to extracting useful public admissions.

Taking legal action can be very costly with no guarantee as to outcome. It is a safe assumption that the hackers have concealed themselves very well and hidden their tracks. The biggest concern of RM is not going after the hackers, but protecting E's image in the court of public opinion.

 

[Future Sensors]

Let me once again link what has been said about prosecution here:

https://www.namepros.com/threads/epik-had-a-major-breach.1252094/page-117#post-8423762

 

[Derek Peterson]

- As mentioned, Epik has completed about a dozen acquisitions in the last 3 years. For strategic reasons, not all of them get announced. We do talk to a lot of folks. When we say no to a deal, it is often due to bad cultural fit, e.g. a Dutch company that has gone on to become stronger after some transitional assistance.

Monster is a bottom feeder and about all of his "acquisitions" have failed. Most of the time he just pretends to be interested in M/A deal and is just fishing for info. For example, Sybil hosting "company" was a couple of teens hosting lolicon and doing about $2,500/month in revenues, half of which was Gab. Bitmitigate, which he purchased from Nic Lim was in essence dead within months b/c Nic quickly quit and relaunched an upgraded version.

- I don't actually recall having any M&A discussion with Derek. If any such discussion occurred, it would have been very preliminary. In general, we don't do a lot of partnerships. We either build or we acquire. In the case of Derek, it is safe to say that there would not have been a cultural fit.

More deceit from Monster. I never said I ever entered into M/A discussion with Monster or Epik. What I said was that Monster entered into M/A discussions with Ray Vahey of BitChute and Ray asked my advice on how to handle. I told Ray that Monster is a dishonest person and a bottom feeder and that he is just fishing for info on how BitChute operations work so he could launch competing service and I suggested he require a signed LOI with non-refundable 10% deposit. Ray did that and Monster slithered back into the shadows.

 

[Windoms]

For example, earlier today, I interviewed a retired US Major General with a deep background in security, including cybersecurity.

Is that true?

- Daily transfers in continue to outpace transfers out many times over. This pattern has been steady and domains under management continues to rise.

Are you transferring your own domains into epik?

- The escrow business is doing just fine. So far today no less than 5 transactions started with transaction sizes above $100K each. With crypto booming, much of this is crypto-related. As far as I know, Epik is the only registrar-escrow that is also integrated as a licensed crypto exchange.

Thats a lot of 100k sales in one day, for a dangerous platform.

- There will be no re-brand of Epik.com. The Epik brand continues to be healthy. Brand awareness is higher than ever. Our product and service are good and improving. We don't need to be everyone's cup of tea to have a sustainable enterprise. I was encouraged by this poll today:

Thats confident.

But usually, fake it til you make it tech CEOs aren't in crazy deep shit, with so many healthy alternatives available.

You are not grasping reality.

 

[Molly White]

Looks like Joey Camp has been hosting his doxing sites at Epik, in addition to just using Epik domains. Why are you continuing to provide him hosting and other services, @Rob Monster?

https://twitter.com/x/status/1449487872181116931

https://twitter.com/x/status/1449489268838182914

 

[shoulda9393]

There seems to be a common popular misconception that private individuals or entities can "file a criminal" complaint as some sort of an alternative or adjunct to filing a civil complaint.

To be clear, private individuals can report crimes to law enforcement authorities, but in the United States one cannot directly prosecute a criminal case. (There is a rare form of "private criminal law enforcement" called a qui tam action, but it is not worth going into not relevant to these circumstances)

Additionally, it would be way too early at this point for law enforcement authorities to have conducted a complete investigation and determined whether there are persons within their jurisdiction to prosecute, or whether the circumstances bear further and deeper investigation.

In either context, engaging with the hackers in public may indeed be something that is useful to do - particularly in the context of seeking admissions that would be useful in a civil case, but sometimes at the request of law enforcement to further their investigation.

Filing an action and enforcing one may, of course, be two different things. Tanya Gersh, for example, was awarded $14M for the abuse inflicted on her by Andrew Anglin, who became hard to find and would certainly have taken advantage of competent legal counsel to advise him on the various risks and potential practical consequences of various courses of action that Anglin might take.

But, in any event, as a private company, one does not independently pursue criminal investigation and prosecution, and there can be practical reasons for not spending money to obtain judgments against the judgment-proof. Conversely, there can be benefits to extracting useful public admissions.

What I meant was he should report it to law enforcement if he hasn't already or file a lawsuit or and then after that just care to his customers, not the hackers or trolls or people with gripes about websites using registrars.

There is no benefit to Rob in interacting with the many trolls on here who want his business to collapse for ideological reasons, many of whom liked the posts here deterring him from perusing legal action against people both defaming his business and quite literally compromising all of it. Every time he interacts with people tangential to hackers or leakers, he is making it seem like he had to do x or y to avoid the hack, when in reality, no one should have hacked, seeded, shared, or even downloaded the highly sensitive personal info of thousands of people (including passwords, phone numbers, addresses and failed passwords of many leftists and liberal domain owners, not just right-wingers).

With regards to other posts above this one about whether Rob is himself a good person, I don't know, and don't care because his business was large enough that I could buy a few domains without worrying about that. Most of us don't use single registrars and don't care about the political leanings of registrars unless we have really weird domains. The main issue for domain owners were technical aspects like his password hashing, not his personal opinions imo.

All he's doing right now by responding to them is feeding the egos of internet junkies and people with personal vendettas they want to utilize the Epik leak for.

This is a domain forum, not a forum about *sites that use domains* or about the moral merits of Rob potentially profiting of hate speech sites (like Tucows and every other registrar does) or the drama that led up to the hack. Having a few domains on Epik, I'd just want to know what to do as a domain owner. Am I supposed to not use my password at Epik anywhere else, should I transfer out, should I not purchase anything with a credit card?

And this Twitter circus should stay on Twitter so us lurkers don't have to go through hundreds of posts to figure out the current status of Epik security.

 

[FernandoBMS]

I don't see any trolls in this thread and all the questions asked are legitimate and Epik's spokesperson or CEO should indeed answer them.

 

[bmugford]

And this Twitter circus should stay on Twitter so us lurkers don't have to go through hundreds of posts to figure out the current status of Epik security.

No one is really forcing you to go through the posts here. Rob has plenty of outlets to update people if he wanted to. He has the Epik webstite, he has Twitter, he has his forum.

He initially posted an update about the first data breach on Twitter, then removed it. Only he can answer why that is.

The issue with Rob providing useful updates is Rob, not anyone else posting here.

Brad

 

[shoulda9393]

I don't see any trolls in this thread and all the questions asked are legitimate and Epik's spokesperson or CEO should indeed answer them.

I've also asked questions, but no, questions about the content of sites on his registrar are not appropriate for a domain forum. It's not the job of registrars to police the content of sites. MOST large domain registrars like Tucows or Enom or Directnic DO NOT take down hate sites or whatever just cuz, they need a court order to do so.

 

[Future Sensors]

I've also asked questions, but no, questions about the content of sites on his registrar are not appropriate for a domain forum. It's not the job of registrars to police the content of sites. MOST large domain registrars like Tucows or Enom or Directnic DO NOT take down hate sites or whatever just cuz, they need a court order to do so.

You have to remember that Rob is doing this for a living.

Unidentified: It does look down.

Monster: It’s down.

Monacelli: Oh, awesome.

Monster, YT1:02:43: I do this for a living. So weev, weev. Let’s talk for a second. So what’s going on…

Kirtaner: It’s been a while.​

 

[bmugford]

I've also asked questions, but no, questions about the content of sites on his registrar are not appropriate for a domain forum. It's not the job of registrars to police the content of sites. MOST large domain registrars like Tucows or Enom or Directnic DO NOT take down hate sites or whatever just cuz, they need a court order to do so.

Yes, they are in this case. The doxxing sites are specifically related to this entire story.

Rob has been given warning about them time and time again.

They were discussed in the disastrous prayer meeting or whatever video he hosted in relation to this data breach, where he said he was taking them down. That does not appear to be the case as they seem to keep popping back up.

On the previous page Rob stated the following, which seems like a tacit endorsement of this behavior -

The reality is that the people he was profiling were not lovely people. They may become more lovely in the future. If they don't then one can assume that other Joey's will emerge when thugs overreach.

All this stuff is intertwined.

Brad

 

[shoulda9393]

You have to remember that Rob is doing this for a living.

Unidentified: It does look down.

Monster: It’s down.

Monacelli: Oh, awesome.

Monster, YT1:02:43: I do this for a living. So weev, weev. Let’s talk for a second. So what’s going on…

Kirtaner: It’s been a while.​

People are telling me this thread isn't about trolls and you are quoting me a nazi troll named Weev and another longtime old anti-semitic troll "Kirtaner".

That's for Twitter, not Namepros. There is no justification for using this thread to make registrars content policers (which the large ones already aren't).

 

[shoulda9393]

Yes, they are in this case. The doxxing sites are specifically related to this entire story.

Rob has been given warning about them time and time again.

They were discussed in the disastrous prayer meeting or whatever video he hosted in relation to this data breach, where he said he was taking them down. That does not appear to be the case as they seem to keep popping back up.

All this stuff is intertwined.

Brad

If doxxing sites were at DirectNic or Tucows they'd still need a COURT ORDER to take them down. If they are doing something illegal then they need to go through AUTHORITIES, not the court of namepros.

 

[Future Sensors]

People are telling me this thread isn't about trolls and you are quoting me a nazi troll named Weev and another longtime old anti-semitic troll "Kirtaner".

That's for Twitter, not Namepros. There is no justification for using this thread to make registrars content policers (which the large ones already aren't).

It is from the video meeting that the CEO of Epik had with the alleged hackers. So highly relevant to this thread.

Any more questions?

 

[shoulda9393]

It is from the video meeting that the CEO of Epik had with the hackers. So highly relevant to this thread.

Any more questions?

Yes I want to know from Rob if passwords are currently being properly hashed and have no interest in the content of the sites he hosts, as that is not what this forum is about. That's what lowendtalk is for perhaps.

 

[bmugford]

If doxxing sites were at DirectNic or Tucows they'd still need a COURT ORDER to take them down. If they are doing something illegal then they need to go through AUTHORITIES, not the court of namepros.

No, they don't need a court order to take it down. That is just some cop-out to allow disgusting behavior.

They have a TOS.

Epik did not allow the Texas Right to Life doxxing site. That was without any court order.

Brad

 

[bmugford]

Yes I want to know from Rob if passwords are currently being properly hashed and have no interest in the content of the sites he hosts, as that is not what this forum is about. That's what lowendtalk is for perhaps.

Valid question. Add it to the long list of other valid questions that have yet to be properly addressed in this thread.

Brad

 

[Derek Peterson]

What I meant was he should report it to law enforcement if he hasn't already or file a lawsuit or and then after that just care to his customers, not the hackers or trolls or people with gripes about websites using registrars.

There is no benefit to Rob in interacting with the many trolls on here who want his business to collapse for ideological reasons, many of whom liked the posts here deterring him from perusing legal action against people both defaming his business and quite literally compromising all of it. Every time he interacts with people tangential to hackers or leakers, he is making it seem like he had to do x or y to avoid the hack, when in reality, no one should have hacked, seeded, shared, or even downloaded the highly sensitive personal info of thousands of people (including passwords, phone numbers, addresses and failed passwords of many leftists and liberal domain owners, not just right-wingers).

With regards to other posts above this one about whether Rob is himself a good person, I don't know, and don't care because his business was large enough that I could buy a few domains without worrying about that. Most of us don't use single registrars and don't care about the political leanings of registrars unless we have really weird domains. The main issue for domain owners were technical aspects like his password hashing, not his personal opinions imo.

All he's doing right now by responding to them is feeding the egos of internet junkies and people with personal vendettas they want to utilize the Epik leak for.

This is a domain forum, not a forum about *sites that use domains* or about the moral merits of Rob potentially profiting of hate speech sites (like Tucows and every other registrar does) or the drama that led up to the hack. Having a few domains on Epik, I'd just want to know what to do as a domain owner. Am I supposed to not use my password at Epik anywhere else, should I transfer out, should I not purchase anything with a credit card?

And this Twitter circus should stay on Twitter so us lurkers don't have to go through hundreds of posts to figure out the current status of Epik security.

I think the majority of the people on here are more concerned with Monster's false statements leading up to the hack and after the fact and the utter incompetence displayed by Monster and Epik, than any ideological issues. I, for example, am much more a free speech absolutist than Monster has ever pretended to be.

 

[Molly White]

Yes, they are in this case. The doxxing sites are specifically related to this entire story.

Rob has been given warning about them time and time again.

That's understating it a bit.

https://twitter.com/x/status/1439269174346457088

 

[Future Sensors]

Yes I want to know from Rob if passwords are currently being properly hashed and have no interest in the content of the sites he hosts, as that is not what this forum is about. That's what lowendtalk is for perhaps.

Good question. But don't attack members of this forum please. It won't help you getting anywhere.

 

[shoulda9393]

No, they don't need a court order to take it down. That is just some cop-out to allow disgusting behavior.

They have a TOS.

Epik did not allow the Texas Right to Life doxxing site. That was without any court order.

Brad

I mean that's just not correct. The only way most domains get taken down at Enom, Tucows, or DirectNic is court orders, not the registrar policing sites. If major registrars start policing sites according to internal policies (which of course they can do, but most choose not to), then whole swaths of people, left and right won't have a home anymore. I'm not even aware of any of those three taking down anything without a court order outside very very few exceptions (I think Enom once took down a Wikileaks .info site once, and they almost got in trouble for that).

 

[Derek Peterson]

I've also asked questions, but no, questions about the content of sites on his registrar are not appropriate for a domain forum. It's not the job of registrars to police the content of sites. MOST large domain registrars like Tucows or Enom or Directnic DO NOT take down hate sites or whatever just cuz, they need a court order to do so.

I agree. This is about the lies that and incompetence that led to the hack and the more lies and incompetence after the hack.

This whole Joey Camp and the cancelling of other sites seems more like some kind of extortion negotiation and has about nothing to do with the hack.