alert Epik Had A Major Breach

Silentptnr · Sep 14, 2021

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

wwwulff · Sep 28, 2021

DirkS said:
https://twitter.com/x/status/1442604458446360577

Maybe it's just me who does not understand it, but what is this guy's agenda to publish the leaked emails and make them even more widely known?

Future Sensors · Sep 28, 2021

DirkS said:
https://twitter.com/x/status/1442604458446360577

@DAN.COM
@Sedo
@Joe Styler

Your Escrow accounts at Epik may be compromised.

Digital Nomad · Sep 28, 2021

wwwulff said:
Maybe it's just me who does not understand it, but what is this guy's agenda to publish the leaked emails and make them even more widely known?

I get your point, on the other hand we can make people aware of the situation and make them change their emails/passwords etc. before bad actors compromise people's accounts with this info, which is already circulating everywhere.

Future Sensors said:
@DAN.COM
@Sedo
@Joe Styler

Your Escrow accounts at Epik may be compromised.

sonatime · Sep 28, 2021

DirkS said:
https://twitter.com/x/status/1442604458446360577

bmugford said:
Cool, got a list of 24,000 domain related email addresses to sent spam emails to now.

Brad

This thread has sewered and needs attention from mods. Sharing hacked data and suggesting to exploit it? That's heroism

bmugford · Sep 28, 2021

sonatime said:
This thread has sewered and needs attention from mods. Sharing hacked data and suggesting to exploit it? That's heroism

Sometimes you just gotta make the best of a bad situation - jokes, sarcasm, parody, satire, mockery, etc.

Let's wait to hear from Rob then, since they have gone radio silent.... crickets.

Brad

Derek Peterson · Sep 28, 2021

Mahogany said:
I felt sick when I searched that and found my info. There needs to be some repercussions from this.

My info there as well.

Derek Peterson · Sep 28, 2021

DirkS said:
Lol for those interested, follow the guy on twitter. He's doing some interesting research. Haven't verified it myself but a lot of it seems to match up with what I already knew.

What guy?

jmcc · Sep 28, 2021

bmugford said:
Let's wait to hear from Rob then, since they have gone radio silent.... crickets.

Yep but this event may be the subject of a criminal investigation. It might be problematic for Epik employees to comment on it.

Regards...jmcc

Future Sensors · Sep 28, 2021

jmcc said:
Yep but this event may be the subject of a criminal investigation. It might be problematic for Epik employees to comment on it.

Maybe. Or priority was given to video meetings.

bmugford · Sep 28, 2021

jmcc said:
Yep but this event may be the subject of a criminal investigation. It might be problematic for Epik employees to comment on it.

Regards...jmcc

That very well might be true, but others are working to fill in a lot of the gaps in the meantime.

Brad

blockhead · Sep 28, 2021

FWIW, posting hacked materials may (depending on the circumstances) be against Twitter TOS and can be reported.

https://help.twitter.com/en/rules-and-policies/hacked-materials

It's a pretty weak policy tbh, but if your information has been posted inappropriately, you can report it.

It's a shame that some folks feel empowered to post innocent users' data, users who have nothing to do with the dark side of Epik's activities.

jmcc · Sep 28, 2021

Future Sensors said:
Maybe. Or priority was given to video meetings.

That wasn't the best of decisions but the thinking may have been that something had to be done.

Regards...jmcc

jmcc · Sep 28, 2021

bmugford said:
That very well might be true, but others are working to fill in a lot of the gaps in the meantime.

Brad

Yep and even with the data that's been published there's a lot of speculation.

Regards...jmcc

Start · Sep 28, 2021

Mahogany said:
I felt sick when I searched that and found my info. There needs to be some repercussions from this.

Yeah, this is insane! How foolish can this "researcher" be? He seems like he's the bad stereotype of a computer programmer who has no sense of moral and ethical aspects and responsibilities.

Just because you have the technical capability of doing something doesn't mean that you should. It's bad enough that the info was in the hacked database (but difficult to see info), but it's even worse when this guy purposely puts it into a simple spreadsheet and publicizes it.

He's violating people's privacy by publishing details on (doxxing) every single Epik customer... thousands of innocent people!

And almost 14,000 of the people (out of 24,000) on the list only have 1 domain with Epik. A lot are probably companies/people who simply bought a domain from someone else, and they happened to use Epik's sale system.

To the "researchers" reading this, you need to understand some important points:

As I detailed here:
https://www.namepros.com/threads/epik-had-a-major-breach.1252094/page-68#post-8408613

1) Most Epik customers (I would say 99%) are just regular people and companies.

2) Until about early 2019, I don't think Epik really even had any controversies. It was just considered another registrar.

3) People transferred or registered a lot of domains to/with Epik because of the low prices, excellent support, and the useful system they have for selling domains. Those were in place years ago, before the controversies in the past ~2 years.

4) And the #2 guy at Epik (Joseph) for years was actually a somewhat left-wing atheist (opposite of Rob). And I would objectively say that Rob and the staff are pretty nice in general interaction (the staff are also multicultural), so one wouldn't have expected how things went. But after the controversies started in 2019, that's apparently when Joseph left later that year. But a lot of customers already had a lot of domains at Epik by then.

5) And some registrars' control panels make it a hassle and a bit time-consuming to transfer domains out in bulk... and Epik is one of those. They're maybe average on that measure, but I think you have to do them one at a time, and that time adds up. That aspect is why there's a general tendency (at any registrar) for people to keep domains wherever they're already at.
...That's why I can see one example of someone who publicly parted ways with Epik, but still has a lot of domains there. And I even see companies that have had public disputes (over a year ago) with Epik in the list, and yet even they still had domains there as of February.
...For bulk accounts that had the special "Namepros pricing", Epik only got 7cents in profit ($0.07) per .com domain renewal, so it's not like Epik was getting funded by those customers anyway.

6) Most people wouldn't know about Epik's controversies. I periodically visit NamePros, and I didn't even know some of the stuff I've read in this thread.

So frankly, publicizing people's private information is irresponsible -- especially when so many "researchers" have incited/created a confused mob by acting as if 90%+ of Epik's customers are neo-nazis, when those are just a tiny fraction
(any fraction is too big, but realize that the vast majority of customers are just regular people).

It reminds me of Timberland clothing -- it became a trend for "chavs" (basically UK riff raff) to wear it, but most people who wear it are just regular people. If a bunch of chavs do something bad, it doesn't make sense to list every single person who bought Timberland clothing!

(Also, for Twitterati reading this, I'm no right-winger saying that, I'm just pointing out some facts. I'm someone who considers even the US Democratic Party to be somewhat right-wing, as I also wrote months ago here too: https://www.namepros.com/threads/br...h-of-his-domains.1230431/page-23#post-8191759 )

@Molly White You're the only one I've seen here (or at least who I remember) who is also active with the researchers on Twitter. So I hope you can relay this info to the guy who violated people's privacy by posting details on every single Epik customer. He's doxxing thousands of innocent people.

Silentptnr · Sep 28, 2021

sonatime said:
sure, "no snowflake in an avalanche ever feels responsible", my wild guess would be you have been gaslighting this thread since day one.

Actually, @bmugford has been a great contributor to this thread. I feel you are being disrespectful considering you recently joined the thread.

Silentptnr · Sep 28, 2021

sonatime said:
This thread has sewered and needs attention from mods. Sharing hacked data and suggesting to exploit it? That's heroism

I would agree a comment like the one you pointed out could be moderated.

Derek Peterson · Sep 28, 2021

Several of my posts have been removed because Rob Monster shills keep reporting them so let me restate my position on page 70.

Epik's security was so poor that I believe this hack was an inside job, meaning someone at EPIK intentionally left the doors open so the data could be "hacked".

EPIK's VP Robert Davis seems like he is deeply entrenched in intelligence agencies and those types love to get this kind of data of right wing activists. He is also cryptologist expert, so I find it odd EPIK had such poor security in place, and by odd I mean suspicious.

Using 3rd parties to "hack" data is an easy way for FBI to get access to the data AND be able to use it to prosecute people for "crimes" such as hate speech or colluding on Jan 6th or whatever. If they took it themselves it would not be admissible in a trial but now that it is public they can. Gab recently pulled the same stunt when they added a ridiculous sql injection vulnerability to their code by "accident" and were hacked and all user data was also published online.

We know the FBI has been in frequent communications with EPIK and Rob this year, probably because of all the Jan 6th drama because several internal communications were also leaked as part of this "hack".

I have known Rob Monster for many years and I have seen him lie and manipulate many, many times. He uses Christianity to get people to put down their defenses so he can manipulate them. (I am a born again, Bible believing Christian).

However, if this was just an incredible example of incompetence the fact of the matter is that it was brought about because Rob Monster has a long history of not caring about user privacy or security as demonstrated when he launched a fake VPN several years ago, claiming to own it when in fact it was actually a white label that he had no control over. When confronted with this fact he threatened me and others with court actions or even physical harm, tried to get me banned everywhere (including on this site) and slandered me by calling me all sorts of names ON THIS SITE, which was never removed, although I don't report such things because I am a man.

In conclusion, whether this hack was intention or just incompetence, the bottom line is that Rob Monster and EPIK should not be trusted if you are someone doing sensitive things that could put you in jeopardy if your info is revealed.

noneisnone · Sep 28, 2021

@Derek Peterson you have so much information we thank you for providing us with it but if you can let go of the condescending and belittling comments am sure no one would mind your posts matter of fact they will appreciate it

the aggressive comments in regards to rob makes it seem personal which takes the light off the information you provide

Shackleton · Sep 28, 2021

Does anybody know if Epik had cyber insurance? Maybe they are too small to carry this coverage.

Derek Peterson · Sep 28, 2021

noneisnone said:
@Derek Peterson you have so much information we thank you for providing us with it but if you can let go of the condescending and belittling comments am sure no one would mind your posts matter of fact they will appreciate it

the aggressive comments in regards to rob makes it seem personal which takes the light off the information you provide

I am doing the best I can but I am not a robot. People are going to have their lives ruined because of this "hack", some will be killed. Perhaps you should care a little more about others.

Derek Peterson · Sep 28, 2021

Shackleton said:
Does anybody know if Epik had Director's and Officer's liability or cyber insurance?

I would be surprised if they didn't have errors and omissions insurance but sue them anyway

noneisnone · Sep 28, 2021

@Derek Peterson my bad for trying to help broski keep doing you

sonatime · Sep 28, 2021

Silentptnr said:
Actually, @bmugford has been a great contributor to this thread. I feel you are being disrespectful considering you recently joined the thread.

Fair enough, maybe without context, it sounded out of place. I would have preferred the thread to be informative, as many of us would like to keep up and learn from this. Epik not commenting is probably par the course in times like these. That being said, anything with Epik turns to politics and fringe hate stuff and culminating in domainers posting criminally obtained doxxed info of other domainers in the thread. No self filter, no critical thought, only enthusiasm.

Not long ago, Brad was anti doxxing, law violations, TOS violations when it came to abortion sites etc., but when doxxed info arrived here in the thread, it was a smiley face.

topdom · Sep 28, 2021

One way to hack sites, I suspect... Whoever controls SSL system may steal lots of login info. To get a working SSL cert, you need to pass through a few companies, otherwise browsers won't recognize those certs as valid. Those few companies can sniff traffic and steal critical data...(I may be totally wrong..because I'm naive in this topic), I mean, they would have a backdoor to decode data. Self-signed certs would be safe to a company but maybe not look safe to others, and those elite SSL companies may take advantage of this situation, and a site with self-signed certificate looks unsecure (browser warning), while nonssl sites may look ok.

carob · Sep 28, 2021

carob said:
There is another angle of Epik that could invite investigation, especially of customers: Tax.

Rob Monster had been advertising their escrow services on here saying that could help sellers transact "tax-free": That certainly could attract attention.

https://www.namepros.com/threads/if...ng-time-and-money.1119508/page-2#post-7080342

Which was in reply to this claim: https://www.namepros.com/threads/if...-wasting-time-and-money.1119508/#post-7079390

In the UK you have to say on your tax return if you used any tax avoidance schemes. Forget to say so, get in trouble later. Say yes and you have to identify what you did so the taxman can look into it.

Someone else now raising the tax angle:

https://twitter.com/x/status/1442591664908865538

alert Epik Had A Major Breach

Domains88.comTop Member

Top Member

78% of human domainers will be replaced by robotsTop Member

Top Member

Top Member

www.DataCube.comTop Member

Top Member

Top Member

Top Member

78% of human domainers will be replaced by robotsTop Member

www.DataCube.comTop Member

TruckerTop Member

Top Member

Top Member

Established Member

Domains88.comTop Member

Domains88.comTop Member

Top Member

Attachments

444Top Member

Established Member

Top Member

Top Member

444Top Member

Top Member

Top Member

Top Member

Similar threads

We're social

Pinned

Appreciation

Agreement