
Epik Had A Major Breach

The views expressed on this page by users and staff are their own, not those of NamePros.
The data appears to cut off around the end of February/beginning of March of this year.

That's supposedly when the hack happened. Don't know what to believe and it doesn't really matter. What they got is plenty enough to put your assets and private data at risk.

On the upside, transfers seem to go through without issues, so at least you can keep your domains safe. I changed whois data for all of them after transfer to another email address to be on the safe side.
 
~6.5 months are not critical even for AUTH codes.
Many registrars refresh them just once.
 
Here is a genuine concern of mine. I have changed my password to be sure to be sure. Is the Federated Identity login a good idea or a bad idea in the current context?

Edited by moderator: Removed remainder of post
 
Here is a genuine concern of mine. I have changed my password to be sure to be sure. Is the Federated Identity login a good idea or a bad idea in the current context?

Login data may get distributed widely, so 2FA is a good protection. The "Federated Identity" thing is a method of Single Sign On (SSO), I think.

The attackers may still be able to bypass any of these authentication measures. It's up to you and each individual / company / website to assess whether you may be a further target.

See also this posting.
 
It does seem to affect (new) registrations:

[Attached screenshot: Screenshot_20210916-195626.png]
 
Rob posted he thought the data taken was from a system backup, years old. I still think it was an inside job.

Definitely not years old. Analysed some data and located relatively new accounts (end 2020).
 
I consider this an attack on the domaining community.
 
It does seem to affect (new) registrations:
Yup, hardly anyone dares to register a new domain with Epik as of now (after reading about the hacking news all over the internet).

until the dust settles down...
 
Definitely not years old. Analysed some data and located relatively new accounts (end 2020).

A quick read and mental projection (wishful thinking) on my part. I apologize for the mistake.
 
I consider this an attack on the domaining community.
We support scandals with DAN, GoDaddy, PayPal???
I don't think so.

As I already said in another thread:
Epik needs rebranding and absolutely another kind of PR.
 
The engineer pointed the Daily Dot to what they described as Epik’s “entire primary database,” which contains hosting account usernames and passwords, SSH keys, and even some credit card numbers—all stored in plaintext.

The data also includes Auth-Codes, passcodes that are needed to transfer a domain name between registrars. The engineer stated that with all the data in the leak, which also included admin passwords for WordPress logins, any attacker could easily take over the websites of countless Epik customers.

Wow!

If an organisation like Epik is storing passwords in plain text, that's another level of incompetency. Truly hope this isn't the case.
 
We support scandals with DAN, GoDaddy, PayPal???
I don't think so.

As I already said in another thread:
Epik needs rebranding and absolutely another kind of PR.

I actually just meant to say that it's the majority of domainers whose data has been allegedly compromised. I am not going into the discussion of ideological tilt towards Epik or not; I am talking technically regarding data and a domain-related company.
 
Some domainers might have an issue with the ideological and political leaning of Mr Rob. Some of us might agree with him as well.
Epik might be a competitor for some registrars such as GoDaddy, Dynadot, Namecheap etc., but at the end of the day all domainers and related companies are part of the same small group. In the rest of the world people don't support domainers much.

I believe all rich domain-related companies must hire the best security experts together and should raise the bar of security in the domain space so that it does not happen to anyone else. Also all big domain-related companies and the ICA must together try to find out who is behind all of this alleged attack.

All of us must agree to the fact that these so-called anonymous hackers do not care about your ideology. All they care about is making people's lives difficult. OK, even if these alleged hackers do not agree with Epik's political ideology, at the end of the day they are putting millions of other guys' data out there in public, which is not ethical in my view. These are just my personal thoughts.
I stand with Epik in this.
 
I don't know any other popular registrar among domainers which was hacked in the last decade.
Epik is the only one. So it's their fault only.
 
I don't know any other popular registrar (among domainers) which was hacked in the last decade.
Epik is the only one. So it's their fault only.
How can you blame the victim? I don't understand it. Epik is the victim here. Am I missing something in all of this? It's like trying to justify the hack.
 
This thread went to sh^t pretty quickly. Why someone didn't start another one to discuss/argue the pros and cons of Epik, Rob, Alt Right, Liberalism etc. and let this one be about the matter in hand is baffling...

It's been mentioned a few times: can we just let this thread be about updates on the hack and keep the rest out of it?
 
I don't know any other popular registrar (among domainers) which was hacked in the last decade.
Epik is the only one. So it's their fault only.

I believe there have been a few, but I'm not aware of any being quite as public. Since the others weren't public, it's harder to know exactly how far the attackers got.

I do know for certain that at least one other service popular among domainers has been compromised recently, and the credentials obtained during the attack have been leveraged to gain access to NamePros accounts, since people tend to use the same password for all their accounts.

How can you blame the victim? I don't understand it. Epik is the victim here. Am I missing something in all of this? It's like trying to justify the hack.

The argument for assigning some degree of blame to Epik is that some of their security practices appear to have been bordering on negligent. However, that assessment is based exclusively on data that an attacker published. Conveniently, the majority of the passwords/hashes appear to have been removed by the attacker. For all we know, they could've been proper hashes.
 
Victim in plain text...

Everybody gets what they deserve.
 
Victim in plain text...

It's looking increasingly as though the password/hash data has been tampered with, and only a small subset of passwords/hashes--not those for the core Epik accounts, but for extra services--have been included.

There's definitely data that appears to be stored inappropriately, but the fact that the epik_users table has had its password column replaced with bogus text raises more questions than it answers. Most entries are just eight-character strings of lowercase letters following simple patterns (consonant, vowel, consonant, vowel, etc.).
 
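One way to triage a leaked password column along the lines this post describes (entries shaped like real hashes versus eight-letter consonant/vowel filler), as an added example that is neither the poster's nor Epik's code; the sample column is constructed, and the checks are shape checks only, not evidence of how Epik actually stored anything:

```python
import re
from collections import Counter

# Constructed sample of an "epik_users"-style password column: two hash-shaped
# values, three eight-letter consonant/vowel filler strings, one odd value, one blank.
SAMPLE_COLUMN = [
    "$2y$10$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0",  # 60-char bcrypt shape
    "5f4dcc3b5aa765d61d8327deb882cf99",                             # 32 hex chars (MD5-sized)
    "kobavitu",
    "sadepole",
    "xanetulo",
    "p@ssword1",
    "",
]

VOWELS = set("aeiou")
HEX_DIGEST_LENGTHS = {32: "md5-sized hex", 40: "sha1-sized hex", 64: "sha256-sized hex"}
HASH_CLASSES = {"bcrypt-shaped hash"} | set(HEX_DIGEST_LENGTHS.values())
BCRYPT_RE = re.compile(r"^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$")
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")

def is_cvcv_filler(value: str) -> bool:
    """True for eight lowercase letters strictly alternating consonant, vowel, consonant, vowel."""
    if len(value) != 8 or not value.isalpha() or not value.islower():
        return False
    return all((ch in VOWELS) == (i % 2 == 1) for i, ch in enumerate(value))

def classify(value: str) -> str:
    """Label one column entry by its shape; 'other' may be plaintext or an unknown format."""
    if value == "":
        return "empty"
    if BCRYPT_RE.match(value):
        return "bcrypt-shaped hash"
    if HEX_RE.match(value) and len(value) in HEX_DIGEST_LENGTHS:
        return HEX_DIGEST_LENGTHS[len(value)]
    if is_cvcv_filler(value):
        return "cvcv filler"
    return "other (possibly plaintext)"

def summarize(column) -> Counter:
    """Count entries per shape class so the column can be judged as a whole."""
    return Counter(classify(v) for v in column)

def hash_shaped_fraction(column) -> float:
    """Share of non-empty entries that at least look like stored password hashes."""
    nonempty = [v for v in column if v]
    if not nonempty:
        return 0.0
    return sum(1 for v in nonempty if classify(v) in HASH_CLASSES) / len(nonempty)
```

A column dominated by the "cvcv filler" class supports the post's reading that the real values were replaced before publication rather than stored that way.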
We are talking about CC details and AUTH codes...
 
For the last decade I have seen only customer accounts hacked, but not an entire DB.
Epik's DB is the only one.
 
•••
I believe there have been a few, but I'm not aware of any being quite as public. Since the others weren't public, it's harder to know exactly how far the attackers got.

I do know for certain that at least one other service popular among domainers has been compromised recently, and the credentials obtained during the attack have been leveraged to gain access to NamePros accounts, since people tend to use the same password for all their accounts.

The argument for assigning some degree of blame to Epik is that some of their security practices appear to have been bordering on negligent. However, that assessment is based exclusively on data that an attacker published. Conveniently, the majority of the passwords/hashes appear to have been removed by the attacker. For all we know, they could've been proper hashes.

Were the users of that service notified, Paul? Did NamePros let users know of this site being compromised and also used on NamePros?
 
Please read.

https://www.dailydot.com/debug/epik-hack-far-right-sites-anonymous/

‘Worst I’ve seen in 20 years’: How the Epik hack reveals every secret the far-right tried to hide
'They are fully compromised end-to-end.'

The scary part from the article is this:

The engineer stated that with all the data in the leak, which also included admin passwords for WordPress logins, any attacker could easily take over the websites of countless Epik customers.

So basically, if you have a WordPress website hosted at Epik, hackers can take over your website.

The damage from this breach is much more severe than I initially thought.
 
We are talking about CC details and AUTH codes...

Almost all of the credit cards have been censored; it's not clear by whom. I stumbled upon a handful that weren't, but for all I know they could've been Epik's or simple test data--there weren't many. I'm not sure how anyone can allege that they're valid without actually trying to use them.

That being said, there's no shortage of PII, which is going to make dealing with this a nightmare. We're still not entirely sure how we're going to combat the inevitable influx of attacks that arise from this.

Were the users of that service notified, Paul?

I don't believe they were notified by the service itself. The attacker tried to brag about it on NamePros and claim he would be able to hack NamePros as well, going so far as to post a link to a screen recording showing some of the data from the third-party service. I strongly suspect a number of industry blogs were also affected, but I don't know for sure which were actually compromised and which were simply on the attacker's radar.

Did NamePros let users know of this site being compromised and also used on NamePros?

When we believe that a NamePros account may be at risk in such a scenario, we lock it down and require a password reset. When such a user tries to log in, they'll be told that we think their account has been compromised, but we don't get into specifics. I'm not sure it would be a good idea for us to disclose specifics or send out mass notices in response to suspected attacks on third parties; that seems like it might be an ethical gray area. It's a little different when the information is already public and available to anyone who's willing to take the time to comb through the data.

We're looking into whether it makes sense to force password resets for NamePros accounts that might correspond to accounts in the Epik breach, but I'm worried that if the worst happens, the affected people may have trouble accessing their email. That's a worst-case scenario, but I'd like more info before acting.
 