This is very serious, please don't this lightly.
This is no debate about the hack, please stay on topic.
So as you know there's been a data breach at epik.
Names, addresses, phone numbers, email addresses, usernames, credit card info and who knows what has been leaked.
I advise each and everyone to do the following.
Change your passwords, but also your email addresses at ALL your registrars which are using the same email address.
As you know there's bad people around.
Us domainers hold assets at registrars. It's literally like accounts holding money or crypto. Please don't take this lightly, people love money, we are a real, viable target.
With your personal info, scammers could try to contact registrars customer service in order to reset your email/passwords through many ways.
One of them is this one, brought to our attention by @Lox
This is literally a form from a registrar, that allows you to change the email address that you have on file.
People could literally make fake IDs and attach them to this form to be able to change your email address.
It is said on this form that you will be contacted on both new and old email, if you miss it, if it goes to spam, if you receive while you're away and scammer has time to validate it, you're screwed.
Who knows what scammers are able to do, they could call customer service saying I lost my device which had my email and password managers saved on it I dont remember anything please help me this is my personal info + last credit card digits I have to prove my idendity + whatever blah blah blah they can craft.
Have scammers land on one unsuspecting customer service agent and it could be the end.
They could also have accomplices, think about companies with foreign offices like godaddy.
This just a simple ideas; Scammers have very elaborate and structured ideas plans.
So protect yourself, don't take this lightly.
Change your registrar emails.
And change email/passwords on afternic, dan, sedo, domainagents, etc.. etc..
And turn on 2FA.
Today I remembered domainagents so I changed password, and turned on 2FA. Guess I'll change all emails tomorrow.
Don't forget to change passwords at places like ADOBE, email/hosting providers, etc.. where you used the same email/password, as all could have additional data or cards saved in profiles which scammers could use to craft whatever they need to.
If you have ideas as to what must be done, examples of what can/has happened, you are welcome to share.
Thank you
This is no debate about the hack, please stay on topic.
So as you know there's been a data breach at epik.
Names, addresses, phone numbers, email addresses, usernames, credit card info and who knows what has been leaked.
I advise each and everyone to do the following.
Change your passwords, but also your email addresses at ALL your registrars which are using the same email address.
As you know there's bad people around.
Us domainers hold assets at registrars. It's literally like accounts holding money or crypto. Please don't take this lightly, people love money, we are a real, viable target.
With your personal info, scammers could try to contact registrars customer service in order to reset your email/passwords through many ways.
One of them is this one, brought to our attention by @Lox
This is literally a form from a registrar, that allows you to change the email address that you have on file.
People could literally make fake IDs and attach them to this form to be able to change your email address.
It is said on this form that you will be contacted on both new and old email, if you miss it, if it goes to spam, if you receive while you're away and scammer has time to validate it, you're screwed.
Who knows what scammers are able to do, they could call customer service saying I lost my device which had my email and password managers saved on it I dont remember anything please help me this is my personal info + last credit card digits I have to prove my idendity + whatever blah blah blah they can craft.
Have scammers land on one unsuspecting customer service agent and it could be the end.
They could also have accomplices, think about companies with foreign offices like godaddy.
This just a simple ideas; Scammers have very elaborate and structured ideas plans.
So protect yourself, don't take this lightly.
Change your registrar emails.
And change email/passwords on afternic, dan, sedo, domainagents, etc.. etc..
And turn on 2FA.
Today I remembered domainagents so I changed password, and turned on 2FA. Guess I'll change all emails tomorrow.
Don't forget to change passwords at places like ADOBE, email/hosting providers, etc.. where you used the same email/password, as all could have additional data or cards saved in profiles which scammers could use to craft whatever they need to.
If you have ideas as to what must be done, examples of what can/has happened, you are welcome to share.
Thank you