Epik Had A Major Breach

Silentptnr

•••
I canceled a card that was stored on Epik previously
If the issuing bank also has an opportunity to add the card to "stop list" - ask them to. Stop List is an extra security feature, which, unfortunately, is not used frequently. This is to avoid offline/delayed authorizations and the like (still possible)
 
•••
If the issuing bank also has an opportunity to add the card to "stop list" - ask them to. Stop List is an extra security feature, which, unfortunately, is not used frequently. This is to avoid offline/delayed authorizations and the like (still possible)

This is a good idea for sure. I see people talking about having extracted card + cvv numbers from the database. Again, can't verify but better to be safe.
 
•••
@Rob Monster
And remove all 3rd-party integrations/holes like amateur Estibot.
 
•••
I have a feeling this may be an internal hack from the employee(s), as Epik used to go to forums like NamePros and hire them cheap. Someone here posted that Epik has 37 members here who worked for them.
Cutting corners by hiring cheap employees is not good business, along with other inadequate security measures like storing data in plain text.
Another important thing is they never tell the customers (and they may never do so) what the damages are, nor do they tell the customers what they should do in this situation.
Leaving the customers in wonderland and letting them find out what is going on is not good.
 
•••
And remove all 3rd-party integrations/holes like amateur Estibot.
Indeed. They are in the data analytics business. In this business, everything is under the radar. They sell "appraisals", but, actually, such companies should instead PAY for data they receive and analyze.
Swiss bank of domains should not have such a blackhole.
 
•••
This is what bothers me most. By now they should have been able to assess some of the data and give an update.

I canceled a card that was stored on Epik previously as a safety measure since we aren’t getting details on the extent and likely never will.

This story has started to gain even more traction on popular websites like -

https://www.motherjones.com/politics/2021/09/epik-hack-anonymous-gab-parler/

https://arstechnica.com/information...of-data-from-epik-web-host-of-gab-and-parler/

https://www.dailydot.com/debug/epik-hack-far-right-sites-anonymous/

https://www.techtimes.com/articles/265416/20210915/anonymous-hackers-leak-epiks-database—experts-confirm-gigabytes-data-obtained-8chan.htm

https://gizmodo.com/anonymous-claims-to-have-stolen-huge-trove-of-data-from-1847673935

Not much has come from Epik, and the few statements certainly do not seem to acknowledge the seriousness of the situation IMO.

Lots of deflection about politics from Epik connected parties. No one cares.

Epik is responsible for protecting their customers' data. Any excuse outside just taking responsibility is deflection.

The customers want to know -

What actually happened?
How did it happen?
What data have the hackers taken?
What do they need to do?
What is going to stop it from happening again?

The ball is in Epik's court to answer those questions.

Brad
 
•••
Per this article -

https://arstechnica.com/information...of-data-from-epik-web-host-of-gab-and-parler/

"We are not aware of any breach. We take the security of our clients' data extremely seriously, and we are investigating the allegation," an Epik representative told Ars.

Hackers alter Epik’s knowledge base to mock company’s response

Anonymous also tampered with Epik's knowledge base to mock the company's denial of the breach.

"On September 13, 2021, a group of kids calling themselves 'Anonymous', whom we’ve never heard of, said they manage[d] to get a hold of, well, honestly, all our data, and then released it," said the altered knowledge base, as seen in an archived copy. "They claim it included all the user data. All of it. All usernames, passwords, e-mails, support queries, breaching all anonymization service we have. Of course it’s not true. We’re not so stupid we'd allow that to happen."


•••
This is obviously very worrying news.

It's also a bit disappointing that Epik hasn't updated their customers as to what exactly is going on.

An important question now which hopefully can be answered by the senior members of this forum would be, what should Epik customers do now?

Should they stop using Epik and get all their domains out of there after this event?
 
•••
You already know: where Moniker is now...
And their case was easier many times.
 
•••
Epik - why not to try to arrange something like this? Would be better:

vmc.jpg
 
•••
what should Epik customers do now?

Customers should continue to communicate their urgent concerns to the company and ask for more concrete information about what happened.
 
•••
I have some domains with Epik and before the breach I was planning to transfer to Epik some others from time to time. I use different registrars according to convenience.

Now, more than before, I will renew with them my domains and proceed in the future to move other domains to Epik.

The reason is that any Company is on the list for the next breach and, as a consequence of what happened, it is very unlikely that Epik will be again the next on this list.

They have received their vaccine dose. Now they're suffering from side effects, but for a long time they will be immunized.
 
•••
The reason is that any Company is on the list for the next breach and, as a consequence of what happened, it is very unlikely that Epik will be again the next on this list.

They have received their vaccine dose. Now they're suffering from side effects, but for a long time they will be immunized.

Because they suffered a massive data breach, they are more unlikely to suffer another data breach?

That is kind of odd logic in my view.

Brad
 
•••
Brad, I make mistakes every single day, but I try not to repeat them. I like to change.
 
•••
The 'hack' either occurred prior to March (6 months ago) or it was a recent 'hack' of data that was stored at a supplier/2nd site. Either way, any 'damage' that would have happened including stolen names would have and/or should have happened well before now.

Codes have been changed, more than once, and if your names do not stay locked always (regardless of who your registrar might be) you probably should not be dabbling in the art of domain investing.

Until/unless someone can legitimately report he/she has had a name stolen I'm not going to worry too much.

Back to the first paragraph, if the data was hacked 6 months ago, why did the hackers wait so long to make a production about it? Were they trying to extort Epik in the meantime or did they just manage to get access to off core storage in the last several days?

(sorry if any of this has been addressed in recent posts...for some reason my last read response did not hold and I was taken back to the first post)
 
•••
They didn't wait, this week they got backup of Epik DB.

Tons of Adult domains/websites were under Moniker...
Or another toxic registrar.
 
•••
private keys of what? epik doesn't store crypto keys

Private keys have been an essential component of cryptography since long before cryptocurrency came about. They're used for everything from authenticating with core infrastructure to securing VPNs to SSL/TLS certificates.


If present (I haven't checked), that's probably the least concerning type of private key in the leak. It appears to contain private keys for SSH authentication as well as for SSL/TLS certificates.

Theoretically, if the SSH private keys are valid and protected with weak passwords (or no passwords), the attacker could've moved laterally within Epik's infrastructure: they probably would've been able to get into live systems using data from the backup. However, if they did manage to do so, they haven't shown their hand yet.

Not much has come from Epik, and the few statements certainly do not seem to acknowledge the seriousness of the situation IMO.

If the attacker has withheld data or is still in Epik's infrastructure, I'm concerned that Epik downplaying the seriousness may lead to further damage. Self-proclaimed hacktivists often seem to go that route.

The reason is that any Company is on the list for the next breach and, as a consequence of what happened, it is very unlikely that Epik will be again the next on this list.

They have received their vaccine dose. Now they're suffering from side effects, but for a long time they will be immunized.

I like your optimism! I have no doubt Epik will do their best to learn from this, but it may take time for them to recover. At the moment, we're stuck in a period of uncertainty: we don't know the extent of the damage, and it's likely that Epik doesn't know yet, either. That's important to consider when doing your risk assessment and determining the best course of action.

I would also like to see other registrars learn from this, but that may be asking too much.

Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.
― Douglas Adams​
 
•••
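The post above points out that leaked SSH and TLS private keys are most dangerous when they carry weak or no passphrases. As an added example (not from the thread or from Epik), this Python check reports whether each private key block in your own files is passphrase-protected; the function names are hypothetical and the sample input is constructed and holds no key material.

```python
import base64
import re
import struct

MAGIC = b"openssh-key-v1\x00"
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)

def _ssh_string(buf, off):
    """Read one uint32-length-prefixed string from the OpenSSH container."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n]

def classify_private_keys(text):
    """Return [(pem_label, 'passphrase' | 'unprotected' | 'unparseable')]."""
    results = []
    for label, body in PEM_RE.findall(text):
        if label == "ENCRYPTED PRIVATE KEY":        # PKCS#8 encrypted form
            state = "passphrase"
        elif label == "OPENSSH PRIVATE KEY":        # cipher name sits in the header
            try:
                raw = base64.b64decode("".join(body.split()))
                if not raw.startswith(MAGIC):
                    raise ValueError("bad magic")
                cipher = _ssh_string(raw, len(MAGIC))
                state = "unprotected" if cipher == b"none" else "passphrase"
            except (ValueError, struct.error):
                state = "unparseable"
        elif "Proc-Type: 4,ENCRYPTED" in body:      # legacy PEM (RSA/EC/DSA)
            state = "passphrase"
        else:                                       # plain legacy PEM or PKCS#8
            state = "unprotected"
        results.append((label, state))
    return results

def sample_openssh(cipher, kdf):
    """Constructed container header only; it holds no key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    raw = MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(raw).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

SAMPLE = (  # constructed input: four key wrappers with dummy bodies
    sample_openssh(b"none", b"none")
    + sample_openssh(b"aes256-ctr", b"bcrypt")
    + "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
      "DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n"
    + "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
)
if __name__ == "__main__": print(classify_private_keys(SAMPLE))
```

A "passphrase" result only says that a passphrase exists, not that it is strong, so it does not make a key that appeared in a leaked backup safe to keep using.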
•••
I recommend to spend your energy and time on your domains.
Until is not too late.
 
•••
This story has started to gain even more traction on popular websites like -

https://www.motherjones.com/politics/2021/09/epik-hack-anonymous-gab-parler/

https://arstechnica.com/information...of-data-from-epik-web-host-of-gab-and-parler/

https://www.dailydot.com/debug/epik-hack-far-right-sites-anonymous/

https://www.techtimes.com/articles/265416/20210915/anonymous-hackers-leak-epiks-database—experts-confirm-gigabytes-data-obtained-8chan.htm

https://gizmodo.com/anonymous-claims-to-have-stolen-huge-trove-of-data-from-1847673935

Not much has come from Epik, and the few statements certainly do not seem to acknowledge the seriousness of the situation IMO.

Lots of deflection about politics from Epik connected parties. No one cares.

Epik is responsible for protecting their customers' data. Any excuse outside just taking responsibility is deflection.

The customers want to know -

What actually happened?
How did it happen?
What data have the hackers taken?
What do they need to do?
What is going to stop it from happening again?

The ball is in Epik's court to answer those questions.

Brad

All of that is true but Epik, like Moniker, Verizon, etc is a victim as are their customers. This got political because the hack was politically motivated.

Don't expect a lot of news from Epik until they have control of their own system. Anything they say now will be spun into a negative story.
 
•••
nearly? how does nearly stolen count for anything?

It doesn't. The author is an anarchist, to him, lying is like breathing.
 