alert Epik Had A Major Breach

Silentptnr · Sep 14, 2021

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

blockhead · Sep 18, 2021

I agree 100%, the email did not properly address the situation at all - in fact it downplayed the situation imho.

Precautionary? Alleged? C'mon.

bmugford · Sep 18, 2021

Emma Best
@NatSecGeek

Rob Monster describing Joey Camp trespassing while doing unlicensed PI work for him is an interesting admission. Joey seemed to confirm it in his lil 'press release', so I'm sure it'll be brought up in Rob's inevitable FBI interviews

11:03 AM · Sep 18, 2021·Twitter Web App

bmugford · Sep 18, 2021

DirkS said:
They should report, disclose and advise. Simple as that.

What you don't think deny, deflect, blame others is a viable strategy?

Brad

branding · Sep 18, 2021

bmugford said:
What you don't think deny, deflect, blame others is a viable strategy?

Brad

Lol, has been working for E up until now I guess so who knows

.

Nah seriously, Said it before, their downfall will be the way they handle this thing. Sheer arrogance and incompetence.

Bravo Mod Team · Sep 18, 2021

Future Sensors said:
https://www.troyhunt.com/weekly-update-261/

Weekly Update 261

Never a dull moment! [...] A few other random things in this weeks vid, the one worth following up on here though is the promised tweet about how to handle the Epik breach and the result so far is, well, let's just say I think I nailed the public sentiment in the video [...]

Additions to the quote above:

Troy Hunt talks about Epik from 27:23 to 43:30.

If you don't know:

Troy Hunt is a well-known, well-respected security expert.
He operates Have I Been Pwned?, which he mentions in the video while talking about Epik.
Learn more: https://en.wikipedia.org/wiki/Troy_Hunt

branding · Sep 18, 2021

Anyone tried to withdraw funds over the past few days? I want to clear out some balance left but not sure crypto is the safe way to go...

branding · Sep 18, 2021

The video q&a transcript, unfinished, to be updated:
https://blog.mollywhite.net/monster-qa/

mr-x · Sep 18, 2021

bmugford said:
Emma Best
@NatSecGeek

Rob Monster describing Joey Camp trespassing while doing unlicensed PI work for him is an interesting admission. Joey seemed to confirm it in his lil 'press release', so I'm sure it'll be brought up in Rob's inevitable FBI interviews

11:03 AM · Sep 18, 2021·Twitter Web App

Show attachment 199677

What's your point? The hack was justified?

branding · Sep 18, 2021

Federated Identity. That product is going to be rebranded soon, it’ll be called Valido.com…

Edit: transcript shows the wrong domain. Edited to share the right one.

bmugford · Sep 19, 2021

mr-x said:
What's your point? The hack was justified?

Nope. Please don't try to put words into my mouth.

I feel for the customers who are dealing with this hack and lack of information and guidance from Epik. I have an Epik account from many years ago, so at least some of my information was likely included in the data breach as well.

Brad

Future Sensors · Sep 19, 2021

Rob, I know you're reading, appreciate it.

Here's some good advice.

https://response.pagerduty.com/during/security_incident_response/#external-communication

bmugford · Sep 19, 2021

Future Sensors said:
Rob, I know you're reading, appreciate it.

Here's some good advice.

https://response.pagerduty.com/during/security_incident_response/#external-communication

Include the date in the title of any announcement so that it's never confused for a potential new breach.
Don't say "We take security very seriously." It makes everyone cringe when they read it.
Be honest, accept responsibility, and present the facts, along with exactly how we plan to prevent such things in future.
Be as detailed as possible with the timeline.
Be as detailed as possible in what information was compromised and how it affects customers. If we were storing something we shouldn't have been, be honest about it. It'll come out later and it'll be much worse.
Don't name and shame any external parties that might have caused the compromise. It's bad form. (Unless they've already publicly disclosed, in which case we can link to their disclosure).
Release the external communication as soon as possible, preferably within a few days of the compromise. The longer you wait, the worse it will be.
If possible, get in touch with customers' internal security teams before the general public notice is sent.

Bob Hawkes · Sep 19, 2021

It appears that transfer out of domain names is not operational now. At least yesterday it was possible to get Auth Code but, at least for me, not currently.

I agree we badly need some update with precise information especially regarding payment methods security, whether the method used in hack has been identified and if so has for sure been fixed, and other important information regarding steps that those with assets there should be taking, as well as what steps Epik are taking.

Bob

Edit: I mean not possible directly. I did not contact customer support to see if there was another way. I presume they are overwhelmed with inquiries.

Jurgen Wolf · Sep 19, 2021

If transfer-out doesn't work at all - it is against ICANN rules.

branding · Sep 19, 2021

Jurgen Wolf said:
If transfer-out doesn't work at all - it is against ICANN rules.

Not necessarily. They will probably be provided through support which isn't against ICANN rules.

Edit:

You could argue the reason for this limitation. Are they afraid of domains being stolen, or do they want to prevent people moving away en masse.

mr-x · Sep 19, 2021

bmugford said:
Nope. Please don't try to put words into my mouth.

I feel for the customers who are dealing with this hack and lack of information and guidance from Epik. I have an Epik account from many years ago, so at least some of my information was likely included in the data breach as well.

Brad

Some people are clearly enjoying Epik's problems.

Jurgen Wolf · Sep 19, 2021

Looks that we are in the beginning of Epik's end...

Jurgen Wolf · Sep 19, 2021

mr-x said:
Some people are clearly enjoying Epik's problems.

These people are healthy.
Instead another part is described here: https://en.wikipedia.org/wiki/Stockholm_syndrome

Rob Monster · Sep 19, 2021

There was a EPP maintenance during the last hour. It is finished.

Should be all systems go. Engineers are working very hard to audit and secure all facets.

Updates will follow, including an official email this evening.

xyo · Sep 19, 2021

Well, this is in total a complete clusterf***.

Always liked that Epik/Rob didn't go with nowadays attitude to cancel anything that is not 100% woke and PC, eventhough that made them a lot of enemies proclaiming them as "far-right" etc.

After first learing about this breach, I didn't panic and wanted to wait for actual facts to be published.
Now it's been at least five days since all that data has been publicly released by the hackers for anyone on the internet to be accessed freely.

Currently I'm not sure what troubles me the most: The fact that a breach of this kind was possible or their reaction up until now.

Actual information about what data has been breaced should have been communicated directly to all customers so that they are fully aware all of all information that now is more or less publicly available to anyone.

All in all, I'm not yet sure what I'll do myself, but imho their reaction (or absence of it) until now hasn't made things better

Jurgen Wolf · Sep 19, 2021

Yes, it is rocket science to place Maintenance banner in Control Panel...

Corey · Sep 19, 2021

Thanks @Rob Monster for the update.
Epik is my Number 1 Registrar, due to the First Class customer service & price.
#LoveYourWork.

Cheers
Corey

Rob Monster · Sep 19, 2021

Corey said:
Thanks @Rob Monster for the update.
Epik is my Number 1 Registrar, due to the First Class customer service & price.
#LoveYourWork.

Cheers
Corey

Thanks. Appreciate the support.

It has been all-hands on deck all week with many staff working through the night

Stay well and God bless.

Samer · Sep 19, 2021

Rob Monster said:
Thanks. Appreciate the support.

It has been all-hands on deck all week with many staff working through the night

Stay well and God bless.

Thanks @Rob Monster

Once again, post indicates, following thread.

Please, keep “fighting” on. (self-defense;
you are under attack; thank you again posting.

Samer

Jurgen Wolf · Sep 19, 2021

DirkS said:
Federated Identity. That product is going to be rebranded soon, it’ll be called Valido.com

When I see it - the only one emotion: Validol
Popular name of https://en.wikipedia.org/wiki/Menthyl_isovalerate

alert Epik Had A Major Breach

Domains88.comTop Member

TruckerTop Member

www.DataCube.comTop Member

www.DataCube.comTop Member

Private InvestorTop Member

Moderator, NamePros

Private InvestorTop Member

Private InvestorTop Member

Account Closed (Requested)

Private InvestorTop Member

www.DataCube.comTop Member

78% of human domainers will be replaced by robotsTop Member

www.DataCube.comTop Member

Top Member

standforUkraine.comTop Member

Private InvestorTop Member

Account Closed (Requested)

standforUkraine.comTop Member

standforUkraine.comTop Member

Founder of EpikTop Member

Established Member

standforUkraine.comTop Member

Top Member

Founder of EpikTop Member

Top Member

standforUkraine.comTop Member

Similar threads

We're social

Pinned

Appreciation

Agreement