
Epik Had A Major Breach

Silentptnr

Any way to track the identity of the .win domain, or any domain this fail terror group uses?

Possibly yes, depending on which registrar they used.
 
Remember, Moniker were hacked in 2014 and domains were stolen:

http://dotweekly.com/massive-moniker-com-breach-valuable-domains-stolen/ :

From what I can tell, it is very likely that ALL, yes ALL Moniker.com accounts were breached (hacked). I have hard dates starting on September 20, 2014 (it is likely that it started a couple days prior based on data I have seen, maybe the 15th) and lasted for several days going past September 23.

Plenty of discussion at the time on NP:
https://www.namepros.com/threads/moniker-is-done.834723/
 
While I'm generally willing to give Epik and Rob the benefit of the doubt, this tweet in particular does not sit well with me:
[attachment: upload_2021-9-17_1-28-58.png]


I reported a vulnerability both to Rob and the responsible developer on February 19, 2020. Neither responded (full size image for legibility):

[attachment: upload_2021-9-17_1-16-17.png]


I understand that it can be difficult to find good developers. I also understand that it can be even more difficult to find good security professionals. That's why I go out of my way to report vulnerabilities and offer my input when it can help people. I believe all security professionals have an ethical responsibility to report vulnerabilities when they become aware of them, and I was willing to do that in this scenario even if it compromised revenue for NamePros.

I certainly hope Epik has learned from this and will take such reports more seriously in the future.
 
This thread is now 18 pages long. People are looking for answers, not the same bickering they have come to expect from every Epik thread on NamePros. Let’s try to keep the density of actionable, novel information high.
 
At the end of the day Epik, like any other company, is tasked with protecting customers' data.

They apparently failed at that, including storing crucial data in plain text.

How are they the victim? When Verizon is hacked are they the victim? When T-mobile is hacked are they the victim?

The real victims are the customers who potentially had sensitive information leaked.

If you want to be a big boy company, you need to accept responsibility when you fail to safeguard data and not play the victim.

Brad

Both things can be true: Epik should have encrypted their backups (if it was a backup) and the hackers / political motives were bad.
 
Even if the data was encrypted, it wouldn't be too difficult for a hacker to figure out where the decryption keys are stored once they've got a hold of everything, source code and database. In this particular case maybe both encrypting some data and storing the keys on different physical computers could have helped, but a motivated individual could still retrieve them once he has access to the internal network.
 
Even if the data was encrypted, it wouldn't be too difficult for a hacker to figure out where the decryption keys are stored once they've got a hold of everything, source code and database. In this particular case maybe both encrypting some data and storing the keys on different physical computers could have helped, but a motivated individual could still retrieve them once he has access to the internal network.

While I don’t think it would be reasonable to expect this of a small company, it is possible to have backups that can’t be decrypted even if the company’s infrastructure is completely compromised. Companies with the resources to develop and deploy such solutions should certainly consider doing so. In the interest of helping other companies learn from the mistakes made here, that’s worth noting.
 
Did Monster really say that those loyal to Epik will be rewarded in the afterlife? In any event, everyone should transfer out their domains immediately. Epik needs to offer free credit monitoring just for starters. I expect they won't survive this hack.
 
While I don’t think it would be reasonable to expect this of a small company, it is possible to have backups that can’t be decrypted even if the company’s infrastructure is completely compromised.
For a backup stored in a different building or geo location yes, one would not have the decryption keys at the same physical place. But if the company infrastructure is completely compromised, I don't know, I'll look for strategies out of curiosity now that we've got here. If you happen to have some links I'd be thankful.
 
For a backup stored in a different building or geo location yes, one would not have the decryption keys at the same physical place. But if the company infrastructure is completely compromised, I don't know, I'll look for strategies out of curiosity now that we've got here. If you happen to have some links I'd be thankful.
It'd be as simple as storing the key(s) on a CD/DVD, or piece of paper, stowed in a safe physical location.

Because of that, impenetrable encryption of backups is far simpler than encryption of "core production."

Another thing ... for about 10 min the Lolz did this .... http://archive.today/traih
it is known that the Archive has been used as a disinfo hub for .... years. The easiest way was/is to manipulate screenshot metadata (e.g. jpg/png source code) but there's also injecting the fw code (no further info) ...
Manipulation of archive.today is unlikely.

Here’s the same page on the Wayback Machine:
 
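The point made in the two replies above (backups that stay unreadable even when the whole production environment is compromised, because the only decryption key sits on a CD/DVD, paper or similar offline media) is the envelope-encryption pattern in working code. The Go program below is an added example, not Epik's code and not anything posted in this thread: the backup host holds only an RSA public key and wraps a fresh per-backup AES-256-GCM key under it with OAEP, so nothing present on that host, source code and database included, can decrypt what it wrote; the private key is assumed to live wherever the post says, offline, and is loaded only on a restore workstation. The blob layout, the OAEP label, the function names and the sample record are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// OAEP label ties a wrapped key to this use (name chosen for this example).
var oaepLabel = []byte("backup-dek-v1")

const nonceSize = 12 // standard AES-GCM nonce length

// NewRestoreKey makes the long-term pair. Only the public half is copied to
// the backup host; the private half is stored offline and used only to restore.
func NewRestoreKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// EncryptBackup runs on the production/backup host with the public key only.
// Blob layout (assumed for this example):
//   [2-byte big-endian len][RSA-OAEP wrapped DEK][12-byte nonce][GCM ct+tag]
func EncryptBackup(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	dek := make([]byte, 32) // fresh AES-256 data-encryption key per backup
	nonce := make([]byte, nonceSize)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	// Only the holder of the private key can unwrap the DEK again.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, oaepLabel)
	if err != nil {
		return nil, err
	}
	out := make([]byte, 2, 2+len(wrapped)+nonceSize+len(ct))
	binary.BigEndian.PutUint16(out, uint16(len(wrapped)))
	out = append(out, wrapped...)
	out = append(out, nonce...)
	return append(out, ct...), nil
}

// DecryptBackup runs only where the private key lives. A bit flipped in the
// wrapped key, nonce, ciphertext or tag makes OAEP or GCM fail closed.
func DecryptBackup(priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	if len(blob) < 2 {
		return nil, errors.New("blob too short")
	}
	wlen := int(binary.BigEndian.Uint16(blob[:2]))
	if len(blob) < 2+wlen+nonceSize {
		return nil, errors.New("blob truncated")
	}
	wrapped, rest := blob[2:2+wlen], blob[2+wlen:]
	nonce, ct := rest[:nonceSize], rest[nonceSize:]
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	priv, err := NewRestoreKey(2048)
	if err != nil {
		panic(err)
	}
	// Constructed sample row standing in for registrar backup content.
	blob, err := EncryptBackup(&priv.PublicKey, []byte("account=1234,card_last4=4242"))
	if err != nil {
		panic(err)
	}
	back, err := DecryptBackup(priv, blob)
	fmt.Println("restored:", string(back), err)
	blob[len(blob)-1] ^= 0x01 // flip one bit of the GCM tag
	_, err = DecryptBackup(priv, blob)
	fmt.Println("tampered blob rejected:", err != nil)
}
```

The property the thread is after falls out of the split: an attacker who takes the backup host, its git repositories and its database gets the public key and a pile of blobs, and neither helps without the private half that was never on any networked machine. Rotating the public key is a file copy; the private key only ever has to be handled during a restore drill.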
The hackers confirm this as part of the leak:
  • Domain purchases
  • Domain transfers
  • WHOIS history
  • DNS changes
  • Email forwards, catch-alls, etc.
  • Payment history
  • Account credentials
  • Over 500,000 private keys
  • An employee's mailbox
  • Git repositories
  • /home/ and /root/ directories of a core system
 
This is a well-organized, and well-planned campaign against E.
Which opens the question of dates. It may well be that the hackers were inside for a long time, and just released their findings this week. And there is no evidence showing that the Epik systems are now 100% clean.

Also, if this was a long-term backup server that was breached, as Rob stated, there is no reason for it to be left unencrypted.
Moreover, there is no reason for it to be stored online imo.
 
The hackers confirm this as part of the leak:
  • Domain purchases
  • Domain transfers
  • WHOIS history
  • DNS changes
  • Email forwards, catch-alls, etc.
  • Payment history
  • Account credentials
  • Over 500,000 private keys
  • An employee's mailbox
  • Git repositories
  • /home/ and /root/ directories of a core system

Makes me wonder why the delay in making it available for "public download" as they said ...negotiations with Epik

I won't speculate, weird situation
 
Makes me wonder why the delay in making it available for "public download" as they said ...negotiations with Epik
This could be part of the negotiations (tweet link).
I just convinced @robmonster to remove the A-List record for http://yourdaddyjoey.com, a website that has doxxed me and dozens of others. This means the website has been taken down.
 
The hackers confirm this as part of the leak:
  • Domain purchases
  • Domain transfers
  • WHOIS history
  • DNS changes
  • Email forwards, catch-alls, etc.
  • Payment history
  • Account credentials
  • Over 500,000 private keys
  • An employee's mailbox
  • Git repositories
  • /home/ and /root/ directories of a core system

Private keys of what? Epik doesn't store crypto keys.
 
The entire DB leak is the only one, and it is Epik.
 
Wow I have been out of the loop on this, just caught up to the last post.

This is the type of attack the left loves to see, as you can witness from the relentless commentary of those on the left everywhere, their foundation of hatred is shown when one of their adversaries suffers a loss of any kind. The left wants total control of speech in a hegemonic way, and if you think Epik getting attacked like this is good, you are likely an authoritarian that belongs to that group of individuals. Liberty ends when speech is controlled, that's why we must fight with everything we have to ensure companies like Epik survive. Domains are the last frontier for our liberty worldwide, no doubt they will be attacked relentlessly.

The good thing is this, domains are a strong frontier. These tools are way stronger than any social media handle individually, and that's what we have to remember when we see a whole registrar come under attack in a coordinated effort. This is a WAR and the losers always play dirty.

As far as Auth codes go, you can just lock your domains and the auth codes won't matter. You can also have the domains "super locked" to prevent fast transfers inside your account, should you need that extra layer of security. Although I haven't been at Epik since the beginning of July, I don't see how this breach will affect domain names at all. It sounds like the person who wrote the description of the breach has little knowledge of how domain names truly operate.

The Epik tech team is highly skilled and competent, worked together with them for almost 2 years and I can say they are incredible human beings from the work they do every day. The only thing this attack will yield is a higher level of competence for that team, I have no doubt about it. I say that as a non-employee customer.

Stop politicizing criminal activity. That's what got Epik into trouble to begin with. Leave religion and politics out of our businesses.
 
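The advice above, to rely on registrar locks rather than on auth codes staying secret, can be turned into a check a registrant runs over their own portfolio after a registrar incident. The Go program below is an added example, not part of this thread and not any registrar's tooling: it parses an RDAP domain response (RDAP spells EPP status codes with spaces per RFC 8056, so "clientTransferProhibited" appears as "client transfer prohibited"; both spellings are accepted) and reports which of the expected client locks are missing and whether a transfer is already pending. The two JSON documents are constructed samples, the set of expected locks is an assumption for the example, and live RDAP fetching is left out so it runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// rdapDomain keeps the two RDAP fields this check needs.
type rdapDomain struct {
	LDHName string   `json:"ldhName"`
	Status  []string `json:"status"`
}

// LockReport is the result for one domain.
type LockReport struct {
	Domain          string
	MissingLocks    []string // expected client locks not present
	PendingTransfer bool     // a transfer is already in flight
}

// Locks a registrant should expect on a domain they are not actively moving
// (assumed set for this example; adjust to the registrar's actual options).
var expectedLocks = []string{
	"clientTransferProhibited",
	"clientUpdateProhibited",
	"clientDeleteProhibited",
}

// normalize maps both spellings ("client transfer prohibited" in RDAP,
// "clientTransferProhibited" in EPP/WHOIS output) onto one key.
func normalize(s string) string {
	return strings.ToLower(strings.ReplaceAll(strings.TrimSpace(s), " ", ""))
}

// CheckLocks parses one RDAP domain document and reports lock gaps.
func CheckLocks(rdapJSON []byte) (LockReport, error) {
	var d rdapDomain
	if err := json.Unmarshal(rdapJSON, &d); err != nil {
		return LockReport{}, fmt.Errorf("rdap parse: %w", err)
	}
	if d.LDHName == "" {
		return LockReport{}, fmt.Errorf("rdap document has no ldhName")
	}
	have := make(map[string]bool, len(d.Status))
	for _, s := range d.Status {
		have[normalize(s)] = true
	}
	r := LockReport{Domain: d.LDHName, PendingTransfer: have["pendingtransfer"]}
	for _, lock := range expectedLocks {
		if !have[normalize(lock)] {
			r.MissingLocks = append(r.MissingLocks, lock)
		}
	}
	return r, nil
}

// Constructed RDAP fragments (not real lookups) for a locked and an exposed domain.
var (
	SampleLocked = []byte(`{"ldhName":"locked-example.invalid",
	  "status":["client transfer prohibited","client update prohibited","client delete prohibited"]}`)
	SampleExposed = []byte(`{"ldhName":"exposed-example.invalid",
	  "status":["active","pending transfer","clientDeleteProhibited"]}`)
)

func main() {
	for _, doc := range [][]byte{SampleLocked, SampleExposed} {
		r, err := CheckLocks(doc)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%s: missing=%v pendingTransfer=%v\n", r.Domain, r.MissingLocks, r.PendingTransfer)
	}
}
```

Run against a real portfolio, the interesting outputs are a domain with any lock missing (the auth code leaked in a breach is then enough to start a transfer) and a domain showing "pending transfer" that the owner did not initiate, which is the signal to contact the registrar immediately.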
nearly? how does nearly stolen count for anything?

I dunno man. Just reporting as it might indicate your funds @epik are not safe.
 
I canceled a card that was stored on Epik previously as a safety measure since we aren’t getting details on the extent and likely never will.

This is why the dismissal by PP was so annoying. I don’t like to store my credit cards anywhere else. How is Epik going to ensure going forward that our payment methods and our domains are safe is what I want to know.
 
we aren’t getting details on the extent and likely never will.

This is what bothers me most. By now they should have been able to assess some of the data and give an update.
 