
Epik Had A Major Breach


Silentptnr

Were total slowness and troubles there... with any changes for domains.
Not just login form.

BEFORE this thread.
 
1
•••
Were total slowness and troubles there... with any changes for domains.
Not just login form.

BEFORE this thread.

Yes, you've mentioned that once or twice. ;) Unfortunately, without additional information, that's not particularly useful in assessing what happened.
 
4
•••
For example, after I clicked SAVE button for another nameservers - successful banner appeared after ~30 seconds.
 
1
•••
As a side note. The pdf mentions Epik-provided "hosting" of various websites the hackers do not like. I refreshed my memory and checked whois of a few domains of this nature (registered via epik). Would not post domains in this thread - it is indexed and may attract irrelevant comments from non-domaining community as the result. But, any domainer can generate such a list. From ~3 domains I remembered, ALL are using cloudflare dns servers and cloudflare IPs. So, epik serves as a registrar only. So, it is unclear what are the hackers speaking about? What real IPs, hosting companies, etc..? Just the non-private whois (how real would it really be?)... payment details maybe (should be anonymous like btc)... ?
 
1
•••
As a side note. The pdf mentions Epik-provided "hosting" of various websites the hackers do not like. I refreshed my memory and checked whois of a few domains of this nature (registered via epik). Would not post domains in this thread - it is indexed and may attract irrelevant comments from non-domaining community as the result. But, any domainer can generate such a list. From ~3 domains I remembered, ALL are using cloudflare dns servers and cloudflare IPs. So, epik serves as a registrar only. So, it is unclear what are the hackers speaking about? What real IPs, hosting companies, etc..? Just the non-private whois (how real would it really be?)... payment details maybe (should be anonymous like btc)... ?

a couple of things that we need to hear from the people themselves … first from Rob Monster concerning the whole situation.. second from Anonymous as to whether it is truly anonymous that did the hack .
 
4
•••
@tonyk2000, I wouldn't read too much into the message written by the attacker.
 
4
•••
second from Anonymous as to whether it is truly anonymous that did the hack .

"Anonymous" isn't a cohesive entity or organization; it's just a term used by random attackers. The letter from the attacker even pokes fun at this fact:
OFFICIAL ANONYMOUS (not to be confused with 'Anonymous Official' grifters) PRESS RELEASE
As such, there's no way you could "hear from Anonymous."
 
3
•••
I looked all over the internet .. including Dark .. I have found nothing from Anonymous stating they coordinated and are responsible for the hack .. so until clarity comes from Rob Monster and Anonymous.. I will just monitor
 
0
•••
I looked all over the internet .. including Dark .. I have found nothing from Anonymous stating they coordinated and are responsible for the hack .. so until clarity comes from Rob Monster and Anonymous.. I will just monitor

I've already explained this.
 
0
•••
"Anonymous" isn't a cohesive entity or organization; it's just a term used by random attackers. The letter from the attacker even pokes fun at this fact. As such, there's no way you could "hear from Anonymous."

the hacker or hackers usually post a video .. if it’s an anonymous hacker .. maybe things have changed though .. who knows
 
0
•••
the hacker or hackers usually post a video .. if it’s an anonymous hacker .. maybe things have changed though .. who knows

It's never been like that. It's a common point of confusion.

It would be akin to a group of people who wear jeans. Anyone can join the group by simply wearing jeans. Who represents the group? Well, nobody, really; it's just an arbitrary collection of people who have decided they want to be part of that collection.

Attackers know this causes confusion and play it up.
 
1
•••
I've already explained this.

sorry .. I don’t dig through threads .. I join in on whatever page the thread is on and comment ..
 
1
•••
Skipped the couple of hundred posts. Is it true they were hacked? Sorry for being lazy but if true I'd better start transferring instead of going through all posts.
 
0
•••
It's never been like that. It's a common point of confusion.

It would be akin to a group of people who wear jeans. Anyone can join the group by simply wearing jeans. Who represents the group? Well, nobody, really; it's just an arbitrary collection of people who have decided they want to be part of that collection.

Attackers know this causes confusion and play it up.

I am fully aware it is not a group .. gang or the sort … it’s not an alliance .. it’s an allegiance and all that stuff .. I had a friend of mine do the Dark Web shit .. there was nothing of data release or any one flaunting responsibility for that attack ..at least not as of 3 am ..
 
1
•••
there was nothing of data release or any one flaunting responsibility for that attack ..at least not as of 3 am ..

The data is being distributed publicly--not on the dark web, but out in the open. Links were accessible via various news articles yesterday. (Edit: I've removed references to specific news articles, since it's possible the authors didn't realize what they were publishing.)

Skipped the couple of hundred posts. Is it true they were hacked? Sorry for being lazy but if true I'd better start transferring instead of going through all posts.

The snippets of data I've seen appear to indicate as much, but the dataset is quite large, so I don't think anyone can be certain at this point. Epik doesn't seem to have commented.
 
1
•••
Of course, but incident response is a tricky beast. It's overwhelming at best. Even the most prepared teams have to prioritize and end up making decisions that don't necessarily look great in hindsight.

There's always a human element, and as someone who's had experience being paged at 4 AM while on vacation because some random person decided that would be a great time to launch an attack, I certainly empathize with what they're going through right now. Again, that's not to say I condone the silence or their security practices, but it's a tough situation to be in.



Keep in mind the actual attack in the spotlight here wasn't a DDoS attack, and it's important not to conflate the two. Denial of Service is just that: users have trouble accessing a service. It doesn't mean data has been leaked. That's not what appears to have happened here.

When enough real people visit a website, it has the same effect as a DDoS attack. If a lot of people are trying to log in right now, it will be indiscernible from the users' perspective: the site will slow down and fail to function properly. That's not an attack; that's just a side effect of everyone panicking.

Paul, thanks for chiming in; glad I tagged you. What would the steps be in order from first to last if you were consulted here or owned Epik in its entirety?
 
0
•••
The data is being distributed publicly--not on the dark web, but out in the open. There's a link to it in the PDF on DNW.



The snippets of data I've seen appear to indicate as much, but the dataset is quite large, so I don't think anyone can be certain at this point. Epik doesn't seem to have commented.

there actually is a video made that was posted on Twitter .. I am on my phone and can’t post it .. but it is common for Anonymous to post a video .. they did
 
0
•••
Paul, thanks for chiming in; glad I tagged you. What would the steps be in order from first to last if you were consulted here or owned Epik in its entirety?

I would need to know a lot more about Epik, its staff, and its infrastructure before I would be able to answer that.

If I were to be consulted, my first step would be to acquire that information.

there actually is a video made that was posted on Twitter .. I am on my phone and can’t post it .. but it is common for Anonymous to post a video .. they did

There's no "they."
 
2
•••
Thanks @Paul . Gonna be a busy night moving stuff... Fortunately there's a NC promo running. Got some developed stuff there (just regs, not hosting) so time is of the essence.
 
1
•••
I meant .. who ever did it .. it .. him .. her .. them
 
0
•••
What would the steps be in order from first to last if you were consulted here or owned Epik in its entirety?

I suppose the one step that applies no matter what is: log everything. From the moment you find out there might be an issue, everything needs to be recorded. This has a number of benefits:
  1. It forces you to think about what you're doing instead of panicking.
  2. It provides a record of your response. Optionally, it can be published live to reassure users that you're responding to the incident.
  3. It ensures everyone responding is on the same page.
  4. For long incidents, it allows you to hand off, which is important: tired, stressed incident response teams make mistakes, so each individual on the team needs to be able to rest without fear of being paged.
  5. It enables you to learn from the incident after the fact.
 
4
•••
I think it’s been a long enough period of silence from Rob/Epik that I’m going to begin the process of moving out domains to another registrar.

At the very least they could have put a banner or blog post up saying “we’re investigating, here’s what customers should do in the meantime…” but they haven’t.
 
1
•••
I looked all over the internet .. including Dark .. I have found nothing from Anonymous stating they coordinated and are responsible for the hack .. so until clarity comes from Rob Monster and Anonymous.. I will just monitor

The @ AnonOpsSE posted (@ AnonOps didn't )

twitter .com /AnonOpsSE/status/1438100775968837636

 
2
•••
This thread is exploding. I still have a few pages to catch up on. Here are brief thoughts.

I just found this tweet. This was just reported as news yesterday, but the tweet is from (2) days ago.


Hackers come in many different colors. Most are determined to steal data and sell it on the dark web. Identity theft, bribes, ransomware, and other scams. This one sounds like it was motivated by Rob's position on free speech, hate speech to be precise. This is well documented on NP, Wikipedia, and many other sites, including journalist articles. I don't know what he was thinking. Maybe a way to differentiate his company.

Companies are going to get hacked; that's just the way it is. While there are clearly security lapses visible in the data, that's no different from any other company. Maybe it was hacktivism, maybe it was a disgruntled customer, maybe it was just someone who thought it was fun--it doesn't really matter.

This is very true. The bigger the company gets the more likely it will become a target. But what is most important is what is the company's response.
 
0
•••