Epik Had A Major Breach

The views expressed on this page by users and staff are their own, not those of NamePros.
Does anybody know if Epik had cyber insurance? Maybe they are too small to carry this coverage.

Any legit company that serves customers should carry some type of business liability insurance, though I have no idea what it would actually cover in this case.

Brad
 
Any legit company that serves customers should carry some type of business liability insurance, though I have no idea what it would actually cover in this case.

Brad
It's a complicated mess - In the UK I think it would be Cyber & Data Risk Insurance but you might also need online business insurance mixed in with product liability insurance, so most likely a bespoke plan....

I'm no expert by any means on UK insurance policies and would not even know where to begin for other countries.
 
Fair enough, maybe without context it sounded out of place. I would have preferred the thread to be informative, as many of us would like to keep up and learn from this. Epik not commenting is probably par for the course in times like these. That being said, anything with Epik turns to politics and fringe hate stuff and culminates in domainers posting criminally obtained doxxed info of other domainers in the thread. No self filter, no critical thought, only enthusiasm.

Not long ago, Brad was anti-doxxing, law violations, TOS violations when it came to abortion sites etc., but when doxxed info arrived here in the thread, it was a smiley face.

Fair enough, but it was a joke. Obviously.

Sure, it sucks but the vast majority of these emails are likely already on all the domain spam lists, as people have been scraping new registrations for years when it comes to SEO, web design, and other spam.

Again, I have also been "pwned" in this data breach, likely because I had an account a decade ago with InTrust domains, before Epik acquired them and way before any of the controversy with Epik. Outside that I have really had nothing to do with Epik. I would rather not be on the list as well.

Brad
 
It's a complicated mess - In the UK I think it would be Cyber & Data Risk Insurance but you might also need online business insurance mixed in with product liability insurance, so most likely a bespoke plan....

I'm no expert by any means on UK insurance policies and would not even know where to begin for other countries.

Sure you can. However, such an insurance can make exceptions to what is covered, for example in the event of negligence.

With regard to the processing and storage of credit card data, the applicable requirements do not appear to have been acted upon. The company has also stated that it has used "shitty russian code". Some statements made about a service like WhoQ.com may not have been helpful either (RM: "WhoQ.com, for making WHOIS work properly again after GDPR and RDAP broke it").

Further reading:

Shouldn’t cyber-insurance cover negligence?
https://www.lexology.com/library/detail.aspx?g=4c0f46db-bd82-40b0-b04b-b165229ef08e
 
I was just looking on Twitter and saw a link to this article:

https://bangordailynews.com/2021/09...of-web-company-that-serves-far-right-clients/

This article is an example of what I wrote about in detail here:
https://www.namepros.com/threads/epik-had-a-major-breach.1252094/page-70#post-8408804

The "researchers" on Twitter are giving people the impression that most Epik customers are neo-nazis or similar... even though I'd say 99% of Epik customers are regular people, many of whom became customers years ago, when Epik was just another registrar and not controversial.

So now journalists like that reporter, who maybe have never even registered a domain (or at the very least, don't know much about registrars in general) are spreading that impression.

Average people who see the title "190 Mainers’ data exposed in hack of web company that serves far-right clients" are going to assume that most of the customers are far-right. You can see that in the comments below the article too.

People on Twitter ("researchers" or others who should know better) need to realize that most Epik customers are regular people (not far-right), and stop acting like they're mostly neo-nazis.

And think about the ramifications of that, instead of doxxing every single Epik customer!

I wrote more here:

https://www.namepros.com/threads/epik-had-a-major-breach.1252094/page-70#post-8408804
 
One way to hack sites, I suspect... Whoever controls the SSL system may steal lots of login info. To get a working SSL cert, you need to pass through a few companies, otherwise browsers won't recognize those certs as valid. Those few companies can sniff traffic and steal critical data... (I may be totally wrong, because I'm naive on this topic). I mean, they would have a backdoor to decode data. Self-signed certs would be safe for a company but maybe not look safe to others, and those elite SSL companies may take advantage of this situation: a site with a self-signed certificate looks insecure (browser warning), while non-SSL sites may look OK.

When you secure a website with an SSL cert, you have to generate a private key. This key remains private (it is stored on the server where the site is hosted, obviously). What companies like Let's Encrypt can do is track what sites are visited, how frequently, and from what IPs. This is because browsers tend to verify the certificate's validity each time you visit an HTTPS website. How? By contacting the certificate issuer in the background (is the cert good and not revoked?). To say nothing of the Safe Browsing setting, which is frequently ON by default - each visited site is reported to Google or another safety provider - all for your safety, of course.

What actually happens with each particular browser+website combo may vary; it depends on different settings on both ends, and going that deep would be off-topic here. Google Chrome (at some point in time, last time I checked) did not verify SSL validity, but had Safe Browsing ON.

Long story short - disable safe browsing and certificate validation if you want to minimize tracking...
 
When you secure a website with an SSL cert, you have to generate a private key. This key remains private (it is stored on the server where the site is hosted, obviously). What companies like Let's Encrypt can do is track what sites are visited, how frequently, and from what IPs. This is because browsers tend to verify the certificate's validity each time you visit an HTTPS website. How? By contacting the certificate issuer in the background (is the cert good and not revoked?). To say nothing of the Safe Browsing setting, which is frequently ON by default - each visited site is reported to Google or another safety provider - all for your safety, of course.

What actually happens with each particular browser+website combo may vary; it depends on different settings on both ends, and going that deep would be off-topic here. Google Chrome (at some point in time, last time I checked) did not verify SSL validity, but had Safe Browsing ON.

Long story short - disable safe browsing and certificate validation if you want to minimize tracking...

I think topdom meant rogue certificate authorities, but it's not in the scope of this thread.
 
Sure you can. However, such an insurance can make exceptions to what is covered, for example in the event of negligence.

With regard to the processing and storage of credit card data, the applicable requirements do not appear to have been acted upon. The company has also stated that it has used "shitty russian code". Some statements made about a service like WhoQ.com may not really help either (RM: "WhoQ.com, for making WHOIS work properly again after GDPR and RDAP broke it").

Further reading:

Shouldn’t cyber-insurance cover negligence?
https://www.lexology.com/library/detail.aspx?g=4c0f46db-bd82-40b0-b04b-b165229ef08e
That's a U.S. case study....

So even if the insurers decide not to pay out, you can still pursue a claim.

Here in the U.K. you could struggle with a negligence claim, even though it was negligence in this instance - it would fall under data protection infringement, with a small possibility that a negligence claim would not be completely off the table....

Would Epik still be covered for Data Protection Infringement? Either way they are in the sh*t......

UK High Court Ruling Restricts Scope for Data Security Breach Compensation Claims

"The key takeaway from this case is that potentially this ruling reduces the scope of compensation litigation risk for businesses for data security breaches, i.e. for what might be called “kitchen-sink” type claims where Breach of Confidence, Misuse of Private Information and Negligence are all thrown in. Instead, those seeking to make a claim are likely to only be able to rely on claims for infringement of data protection legislation. But, it remains conceivable that, depending on the given facts, an individual tries to argue that under Breach of Confidence and/or Misuse of Private Information, positive wrongful acts were committed by a business in a data security breach occurrence that give rise to a compensation claim."

https://www.corderycompliance.com/scope-restrictions-data-breach-comp-claims/
 
It appears that social media researchers are now trying to connect the dots: Epik, IP addresses, RIRs (Regional Internet Registries) and hosting/datacenter companies. Not an easy task, as one needs proper knowledge for such research.

In mathematical logic, false implies everything. Golden rule :)

As a result, so far, the researchers are ending up with basically the following (or they will in a few days):


And, according to the researchers, Epik plays a major role in the above.
 
I made it to the top 300 customers ;D

Well, it's sad to see my CC in a "txtCC" field, with "txtCVV". Sad story ;(

Also, Epik_Registrar_UploadedFiles_Loader seems to store documents in a directory, rather than an SQL file.

Haven't seen those folders.


As for how hackers exploit servers: gaining root access to a server is just a matter of exploiting a listening daemon and injecting shellcode, such as an overflow in sshd found by debugging the ELF, or even some vulnerable part of Zend code.

What usually happens is that after a hacker gains access, a monitoring service should invoke a shutdown mechanism, such as a kernel panic. That is why Gmail servers can be hacked, but the data will almost never survive the hack.

The simple explanation for dropcatching is that it starts with the WHOIS record. There were quite a few of those in the Epik dataset. A WHOIS record will have the creation date for the domain name, its expiry date and its last modified date. When you have that data, you know when a domain name is up for renewal and likely to drop if not renewed.

It's trivial to figure out which domains enter Redemption; as you know, just downloading the zone file and doing sort | uniq -u will give you the domains with changed status (deleted from zone).

As for creation_date and exp_date, you can send 150 million TCP packets to Verisign WHOIS, which will give you full data in under an hour, using several IPs if needed.

So I don't think anyone gains any useful insight from the leaked 1 million WHOIS records. Only the owner details, of course.
 
@DAN.COM
@Sedo
@Joe Styler

Your Escrow accounts at Epik may be compromised.
Even if they sold sexynazis.com and took hold of it.
A simple PR statement would be all it takes to save their reputation.
Meanwhile somehow might have leaked all of their customers data.
Like a kid who stole candy and knows his mother saw him, he's waiting to see how things unfold.

Will it be the end?
Or more lemonade?
 
What I want to see is a list of the aftermarket domain sales that happened at Epik, with prices.

For instance, all .com domains where sale price was greater than, say, $100.

@Michael @Ron Jackson @GeorgeK @Joe Styler
 
Epik doesn't report anything, as I know.
And DNJournal doesn't publish .com sales below $2K.
 
What I want to see is a list of the aftermarket domain sales that happened at Epik, with prices.

For instance, all .com domains where sale price was greater than, say, $100.

@Michael @Ron Jackson @GeorgeK @Joe Styler

That would be illegal, and very sleazy. Someone doing that is risking getting sued by either the buyers or sellers... and especially some of the buyers would include very large companies with deep pockets to sue.

Before 2-3 years ago, Epik was just a regular registrar that also had a sale system (like Dynadot, NameSilo, etc.), and even now, I bet a lot of Epik customers don't know about the controversies. The customers are victims of this hack, and there's no reason to victimize people further.
 
It's trivial to figure out which domains enter Redemption; as you know, just downloading the zone file and doing sort | uniq -u will give you the domains with changed status (deleted from zone).
The zone file does not include domain name status. It would be necessary to compare the extracted lists of domain names from two zone files to detect which domain names from the older list had been deleted. The problem is that the larger registrars, including Epik, no longer let potentially valuable expired gTLD domain names go through the natural deletion process.

Rather than seeing a domain name drop from the zone, the first sign of a non-renewed domain name may be a change of website IP or a PPC parking/sale page instead of the previous website content. That may not even require a change to the WHOIS record if the registrar is providing DNS service. If the domain name is not hosted on the registrar's nameservers then this information will change and that may be seen in an updated set of nameservers for the domain name in both the zone file and the WHOIS record. (A slightly different kind of changed status to a deletion.) An updated WHOIS record may help determine if it was an expiration shift or the registrant moving to a new registrar. All expiring domain names are not targeted for resale. There are hundreds of millions of domain names that were registered, were deleted and were never reregistered. Some will go through the natural renewal/delete process but may be picked up by dropcatcher registrars if there is some interest in them. Think of it like a trickle-down process.

Previously, this was the cycle: registration - usage - renewal/deletion.

Now there are two paths for expired domain names:
Registration - usage - expiry (if valuable, registrar -> auction site).
Registration - usage - expiry - deletion.
After deletion, the dropcatcher registrars may quickly reregister a dropped domain name.

The "good" domain names are generally moved to auction sites for sale. Beyond the basics, (aged, short, single word, high value keyword, good backlinks, age) evaluating what is a good domain name can be a difficult task. According to some tweets, there appears to be some traffic data on Epik hosted redirects. That can be quite useful in determining potentially valuable domain names.

So I don't think anyone gains any useful insight from the leaked 1 million WHOIS records. Only the owner details, of course.
If Epik, or whoever scraped the records, was targeting potentially valuable domain names then it has done some of that research. If there is pricing, backlinks, website authority ranking data and keyword breakdowns, then it may provide a lot of insights.

Regards...jmcc
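The two-snapshot comparison jmcc describes above, next to the `sort | uniq -u` shortcut from the earlier post, as an added example (not code from any poster in this thread; the two zone fragments are constructed and use the $ORIGIN-relative layout of the .com zone, with NS delegations plus a glue A record):

```python
# Day-1 snapshot (constructed). The glue A record is included on purpose:
# only NS delegations identify a registered domain, so it must be skipped.
ZONE_OLD = """\
$ORIGIN COM.
$TTL 900
ALPHA-DOMAIN    NS NS1.HOSTER-ONE.NET.
BRAVO-DOMAIN    NS NS1.REGISTRAR-DNS.COM.
CHARLIE-DOMAIN  NS NS1.HOSTER-ONE.NET.
DELTA-DOMAIN    IN NS DNS1.PARKING-LOT.COM.
NS1.REGISTRAR-DNS A 192.0.2.10
"""

# Day-2 snapshot (constructed): CHARLIE left the zone, ECHO was added and
# BRAVO was re-delegated to the registrar's parking nameserver.
ZONE_NEW = """\
$ORIGIN COM.
ALPHA-DOMAIN    NS NS1.HOSTER-ONE.NET.
BRAVO-DOMAIN    NS DNS1.PARKING-LOT.COM.
DELTA-DOMAIN    IN NS DNS1.PARKING-LOT.COM.
ECHO-DOMAIN     NS NS1.HOSTER-ONE.NET.
NS1.REGISTRAR-DNS A 192.0.2.10
"""


def parse_zone(text: str, origin: str = "com") -> dict:
    """Map each delegated domain (lowercase, no trailing dot) to its NS set."""
    delegations = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # strip comments
        if not line or line.startswith("$TTL"):
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":           # owner names are relative to this
            origin = fields[1].lower().rstrip(".")
            continue
        upper = [f.upper() for f in fields]
        if "NS" not in upper:                        # glue A/AAAA records
            continue
        target = fields[upper.index("NS") + 1].lower().rstrip(".")
        owner = fields[0].lower()
        fqdn = owner.rstrip(".") if owner.endswith(".") else f"{owner}.{origin}"
        delegations.setdefault(fqdn, set()).add(target)
    return {d: frozenset(ns) for d, ns in delegations.items()}


def compare_zones(old_text: str, new_text: str) -> dict:
    """Domains deleted, added, or re-delegated between two snapshots."""
    old, new = parse_zone(old_text), parse_zone(new_text)
    return {
        "deleted": sorted(set(old) - set(new)),
        "added": sorted(set(new) - set(old)),
        # Same name, different nameservers: the parking/expiry signal
        # jmcc describes, which a plain diff of name lists never shows.
        "ns_changed": {d: (old[d], new[d]) for d in old.keys() & new.keys()
                       if old[d] != new[d]},
    }


def uniq_u_style(old_text: str, new_text: str) -> list:
    """What `sort | uniq -u` over the two name lists gives: the symmetric
    difference, which lumps dropped and newly added names together."""
    return sorted(set(parse_zone(old_text)) ^ set(parse_zone(new_text)))
```

Calling `compare_zones(ZONE_OLD, ZONE_NEW)` separates the dropped name from the new one and flags BRAVO's move to parking nameservers, whereas `uniq_u_style` returns both CHARLIE and ECHO with no way to tell which was deleted.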
 
Already 2 weeks since this thread was started...
And volume of people with Stockholm syndrome is trending up...
 
The number one problem with people is "everything is about me".
They try to search the internet and prove that they know more than other people, and if someone does not agree with them then they start to fight.
That's why there are a lot of posts that are off topic.
They need to focus on how to get more details about the incident in order to help the victims, who are the customers in this case.

And the last thing they should stop is defending Rob or Epik.
It's so obvious that Rob screwed a lot of customers, so stop defending him.
If you are still in love with Rob then send him a personal love letter/email, don't post here.
Also, personal attacks do not make you a hero. It's just wasting people's time.
 
That would be illegal, and very sleazy. Someone doing that is risking getting sued by either the buyers or sellers... and especially some of the buyers would include very large companies with deep pockets to sue.

Before 2-3 years ago, Epik was just a regular registrar that also had a sale system (like Dynadot, NameSilo, etc.), and even now, I bet a lot of Epik customers don't know about the controversies. The customers are victims of this hack, and there's no reason to victimize people further.
The person sharing that info is the least of their worries.
Customers include those big domain buyers who created an account and made a purchase.
They were also leaked.
Domain. Price. Name. Address. Email. Phone number. Credit card details. Password... forget about NDA.

The info has already been made public (through Epik's security measures); it's only a matter of time until some Twitter account posts it.
 
Previously, this was the cycle: registration - usage - renewal/deletion.

Now there are two paths for expired domain names:
Registration - usage - expiry (if valuable, registrar -> auction site).
Registration - usage - expiry - deletion.
After deletion, the dropcatcher registrars may quickly reregister a dropped domain name.

I have noticed that some domains are just kept in limbo.

They don't exactly go through the expiry cycle and they don't go to auction.

It appears that some registrars want to bypass the ICANN rules in order to keep certain valuable domain names for themselves.

It used to be that Registrars were prohibited from engaging in direct competition with the Registrants over domain names.

But now that the Registrars (and some Registries) are amassing very large portfolios themselves it seems that many of the original rules are now being ignored.

IMO
 
even though I'd say 99% of Epik customers are regular people, many of whom became customers years ago, when Epik was just another registrar and not controversial.

There’s a saying ‘You are the company you keep’.

I’m sorry but I don’t buy into the whole “99% of people who use Epik are regular people”. Regular people wouldn’t drink in a bar if this bar had a sign on the front door saying ‘Nazis/extremists welcome’. If you choose to still drink in this bar after seeing this sign, that says something about who you are as a person.
 
It appears that some registrars want to bypass the ICANN rules in order to keep certain valuable domain names for themselves.
That ICANN rule on registries not owning substantial shares in registrars was changed a few years ago. Think it was just before the launch of the 2012 round of new gTLDs.

Some domain names may also be frozen due to legal action.

Regards...jmcc
 
In a way you got to feel a little sorry for Rob, I mean he had to meet all his payrolls and registrar and registry fees and all he had to work with was mainly a bunch of Nazis and Domainers.

I wonder which group was worse, at least the Nazis didn't keep twisting his arm everyday asking for discounts. :xf.wink:

You're right @oldtimer, Nazis are less worse than domainers. LMAO

Tell me who your friends are and I'll tell you who you are.

No one twisted Rob's arms for discounts. It was a business decision to draw customers away from the competition.


That comment of yours is very surprising and very telling.

I am looking at this situation as an impartial and unbiased observer.

I don't belong to any extremist groups whether on the Right or on the Left as I believe that those who are controlled by any kind of extremist ideologies are not capable of seeing the big picture.

There is so much about Race and Racism that people don't know or that they choose to ignore.

I might open a thread to Discuss Race and Racism in the near future if that's okay with @Paul (I have promised him not to be too disruptive with my comments and threads here on NamePros).

IMO

PS: I don't want the Mods to open a thread on my behalf. I'll do it myself if and when I am ready to do so.
 
That ICANN rule on registries not owning substantial shares in registrars was changed a few years ago. Think it was just before the launch of the 2012 round of new gTLDs.

I know that, but what about the Registrars keeping the domains for themselves.
 
I know that, but what about the Registrars keeping the domains for themselves.

This is nothing new. Registrars have been warehousing domains for years whether it is directly allowed or not.

Web.com (Network Solutions) & New Venture Services Corp as an example.

Brad
 