IT.COM

alert Epik Had A Major Breach

Spaceship Spaceship
Watch

Silentptnr

Domains88.comTop Member
Impact
47,106
Last edited:
33
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Anyone who stay, will be in the same political direction with the registrar.
Important observation: a lot of customers, especially non-U.S. based ones, have no interest in U.S. politics at all. Not only this, they do not care about differencies between lets say East Coast and West Coast, Weinstein and Epstein, Republicans and Democrats...
Which is why an IT company, especially if it is providing services worldwide, shout simply stop mixing the business and politics...
 
Last edited:
17
•••
Important observation: a lot of customers, especially non-U.S. based ones, have no interest in U.S. politics at all. Not only this, they do not care about differencies between lets say East Coast and West Coast, Weinstein and Epstein, Republicans and Democrats...
Which is why an IT company, especially if it is providing services worldwide, shout simply stop mixing the business and politics...
And religion
 
13
•••
Important observation: a lot of customers, especially non-U.S. based ones, have no interest in U.S. politics at all. Not only this, they do not care about differencies between lets say East Coast and West Coast, Weinstein and Epstein, Republicans and Democrats...
Which is why an IT company, especially if it is providing services worldwide, shout simply stop mixing the business and politics...
I don't really want to say if i agree with mixing politics on business or not. However, i am sure that it has impact for a company which want to make a difference, positive or negative. Only the time will show if they can survive that.
 
Last edited:
2
•••
Last edited:
1
•••
You already know: where is Moniker.
.COM Moniker Online Services LLC (IANA Id 228) 294,256

Moniker had become a major player in the early domain name market but a lot of the buzz went out of the market when both large-scale Domain Tasting stopped and the SubPrime/property bubble burst. Think it is owned by a larger operator now. The highly successful hosting/registrar brands tend to target a wide market rather than concentrating on a niche.The reality is that many non-domainer registrants don't pay a lot of attention to which registrar they use. They tend to use the market leaders and continue to renew their domain names for the lifetime of their business. As the registrar reports show, transfers between registars are generally quite low compared to new and deleted registrations. At a web hoster level, the transfers are far more obvious.

Regards...jmcc
 
Last edited:
11
•••
Here's just one example of what's being done with the massive data dump. Folks are just getting started, and intentions will vary. That's a shitload of now-public data. Some will be intent on profiting off the financials, others will stick to ideological goals, some simply enjoy chaos, others may attempt a ransomware attack.

And you have to keep in mind that not all breaches are intentionally or quickly exposed - if it hadn't been made public in this manner, who knows how long it would have taken for it to be discovered.

Personally I have zero confidence that there's only one exploitable hole in Epik, considering that they've apparently been ignoring multiple warnings about serious issues with their platform, and based on the shoddy work that has now come to light.

 
Last edited:
10
•••
To any registrar and anytime (com/net). Within 60 days - if and only if the current registrar so allows. In current situation, Epik should make a decision NOT to prevent such transfers imo... There is no winning love by force.

@Rob Monster Will Epik allow this in this scenario, since it's permitted by ICANN?

I think it's certainly appropriate considering the circumstances. It's not unreasonable for people to have serious concerns about the security of their domains locked at Epik.
 
Last edited:
5
•••
11
•••
US > Data Breach Response: A Guide for Business (FTC.GOV) PDF Attached.

Regarding the EU Data protection... since personal etc information is invloved... "Data Protection Authority must be notified of a certain incident, and possibly the data subjects as well etc." (EU Data breach)

Regards
 

Attachments

  • DBR.pdf
    321.4 KB · Views: 111
Last edited:
8
•••
Moniker was one of popular pornographic registrars.
 
1
•••
US > Data Breach Response: A Guide for Business (FTC.GOV) PDF Attached.

Regarding the EU Data protection... since personal etc information is invloved... "Data Protection Authority must be notified of a certain incident, and possibly the data subjects as well etc." (EU Data breach)

Regards

Out of curiosity, looking out for my own data, is there a way to check whether it's been reported?

@epik , did you report it?

There's a fair amount of EU located domainers here who are probably wondering the same thing.
 
3
•••
Don't tag @epik
This account is dormant.
 
3
•••
@Rob Monster Will Epik allow this in this scenario, since it's permitted by ICANN?

I think it's certainly appropriate considering the circumstances. It's not unreasonable for people to have serious concerns about the security of their domains locked at Epik.

They already allowed it before breach. Contact tony at E .com (you'll figure out the address) to request unlocking your names and provide the Auth codes. That was the procedure pre #epikfail
 
5
•••
4
•••
They already allowed it before breach. Contact tony at E .com (you'll figure out the address) to request unlocking your names and provide the Auth codes. That was the procedure pre #epikfail

Regarding transfer outs. If we transfer out within 45 days after we transferred to Epik, can we request a refund? since the registry will refund you?

@Rob Monster
 
2
•••
Out of curiosity, looking out for my own data, is there a way to check whether it's been reported?

Don't know.
F.e. ... In April 2021, for delay in reporting data breach t.t. Dutch Authority, Booking.com has imposed a €475,000 fine
 
3
•••
Last edited:
2
•••

Don't know.
F.e. ... In April 2021, for delay in reporting data breach t.t. Dutch Authority, Booking.com has imposed a €475,000 fine

Wouldn't Epik have to operating in said countries to be in breach of their laws?
 
3
•••
Wouldn't Epik have to operating in said countries to be in breach of their laws?

Short version... No :). Goes beyond the scope of this thread. It's complicated.
 
3
•••
Wouldn't Epik have to operating in said countries to be in breach of their laws?
No.

https://gdpr.eu/companies-outside-of-europe/

The GDPR does apply outside Europe

The whole point of the GDPR is to protect data belonging to EU citizens and residents. The law, therefore, applies to organizations that handle such data whether they are EU-based organizations or not, known as “extra-territorial effect.”

The GDPR spells out in Article 3 the territorial scope of the law:

1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.

2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or

(b) the monitoring of their behaviour as far as their behaviour takes place within the Union.

3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.
 
5
•••
About the obligation to notify of a breach under GDPR
https://ec.europa.eu/info/law/law-t...ch-and-what-do-we-have-do-case-data-breach_en
A data breach occurs when the data for which your company/organisation is responsible suffers a security incident resulting in a breach of confidentiality, availability or integrity. If that occurs, and it is likely that the breach poses a risk to an individual’s rights and freedoms, your company/organisation has to notify the supervisory authority without undue delay, and at the latest within 72 hours after having become aware of the breach. If your company/organisation is a data processor it must notify every data breach to the data controller.

If the data breach poses a high risk to those individuals affected then they should all also be informed, unless there are effective technical and organisational protection measures that have been put in place, or other measures that ensure that the risk is no longer likely to materialise.

As an organisation it is vital to implement appropriate technical and organisational measures to avoid possible data breaches.

Examples...

Googling this turned up quite a few ads for law firms offering to seek compensation for anyone affected by a breach!
 
Last edited:
5
•••
Found this on twitter via @epikfailsnippet
Not sure if its relevant, dont know about any of these sites.

In case anyone was curious, here are all of the domains owned by Michael Zimmerman aka Alex Jones' IT Director for FreeSpeech, LLC dba InfoWars

pastebin.com/a8xQfY0H

#EpikFail
——————————-
From @blue_leaks
Hacktivists from #Anonymous have released 180 GB from the domain registrar Epik. #EpikFail has already revealed who registered the website for the Oathkeepers, for TheDonald .Win, and what other domains are owned by Alex Jones’ IT director:
 
2
•••
Sounds like failed login attempts may have been stored in plaintext as well, meaning passwords you use on other sites may be included in the now-public data dump also.

My suggestion then would be to go through and change your passwords essentially everywhere, ASAP, (and not just domain stuff) if you think you "might" have tried logging in with it at Epik in the last 10 years. This means your emails, crypto, online banking, domain marketplaces & registrars, streaming services, restaurant apps, game apps, etc -- anywhere and everywhere you may have used a potentially-leaked password.

Going forward - be sure to use strong, unique passwords everywhere online. Pain in the ass for sure, but this is the reality of the world we live in.



 
Last edited:
12
•••
Too late for "damage control" from a customer perspective. Idk about y'all but I'm pissed off beyond words. By both the negligent incompetence and the backwards ass politics.

I wouldn't use Epik even if it was the last registrar on earth.

They invite chaos and religious/political fanaticism. I just want a safe place to keep my assets, not a circus tent of bullshit.
 
9
•••
10
•••
Back