alert Epik Had A Major Breach

Silentptnr · Sep 14, 2021

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

Paul · Oct 5, 2021

The forced password reset process on NamePros was causing confusion. The process has been tweaked in an attempt to provide a clearer resolution path for affected members.

Notably:

The error message has changed.
The password reset email is sent automatically upon attempted login without further action required by the user.
There is a giant, bold, red message on the error page indicating that a password reset is required.
Further attempts to access the login form will fail, instead displaying the same error. This behavior persists via a cookie for one hour or until a password reset is performed, whichever happens first.

I have not read the recent messages in this thread, as I've been busy troubleshooting, talking to other developers, and attempting to improve the password reset process. We've never had a forced password reset affect this many active users, so it will be a learning process. If you would like to bring specific content to the moderators' attention, please use the "Report" link below each relevant post.

mr-x · Oct 5, 2021

This is an unnecessary dump on Epik. One has nothing to do with the other.

Molly White said:
Epik is now accepting Twitter DMs for price inquiries on carryout.com . No word, naturally, on whether they will be answering any of the many inquiries their existing customers have made about the safety of their data and assets. They've also deleted their prior tweet that informed their customers of the hack (archived).

https://twitter.com/x/status/1445453223330861056

Future Sensors · Oct 5, 2021

Thank you @Paul for your continued efforts to keep this forum safe and secure.

Particularly during CyberSecurity Awareness Month 2021

Derek Peterson · Oct 5, 2021

mr-x said:
This is an unnecessary dump on Epik. One has nothing to do with the other.

I think her point, which is a valid one, is that Epic has not revealed the 2nd or 3rd hacks and has even removed their notification of the first hack without giving any more updates to users and just went back to business as usual like nothing ever happened.

Derek Peterson · Oct 5, 2021

bmugford said:
Again, @Molly White (who posted above) was targeted by Epik for simply being a Wikipedia editor that they disagreed with.

https://www.namepros.com/threads/epik-wikipedia-battle-is-full-on-right-now.1186029/

It lead to harassment, threats, intimidation, and doxxing from parties connected to or supporters of Epik.

Joey Camp, also alleged that he was involved with Rob when it came to Molly White.

When and where did he make that post?

bmugford · Oct 5, 2021

Derek Peterson said:
I think her point, which is a valid one, is that Epic has not revealed the 2nd or 3rd hacks and has even removed their notification of the first hack without giving any more updates to users and just went back to business as usual like nothing ever happened.

Well said. That is exactly my takeaway as well, which I think is highly relevant to the data breach and Epik's response, or lack of, to it.

Brad

bmugford · Oct 5, 2021

Derek Peterson said:
When and where did he make that post?

I saw the screenshots on Twitter, but I believe they are from Gab. I am not a member of Gab, Telegram, or any similar type websites.

I believe it was right after the video chat, where Rob basically threw (or pretended to throw) him under the bus, and disable his website.

There are more in post 698 (page 28) of this thread.

Brad

Derek Peterson · Oct 5, 2021

bmugford said:
I saw the screenshots on Twitter, but I believe they are from Gab. I am not a member of Gab.

I believe it was right after the video chat, where Rob basically threw (or pretended to throw) him under the bus, and disable his website.

There are more in post 698 (page 28) of this thread.

Brad

That is really incredible. Proof Rob conspired with Joey to mess with @Molly White just because he was mad at some dumb wiki entry. WOW! Rob gonna get prosecuted, criminally. I guess he thinks he is like a gangsta or something.

Molly White · Oct 6, 2021

Derek Peterson said:
When and where did he make that post?

Rob Monster has repeatedly targeted me with harassment and legal threats, and encouraged others to do the same, over about two years now. Some of you may have been around for particularly local examples of it (https://www.namepros.com/threads/epik-wikipedia-battle-is-full-on-right-now.1186029/ and https://www.namepros.com/threads/please-sign-this-petition-to-help-mr-rob-monster.1186329/).

In February I was doxxed by a particularly vile man named Joey Camp, whose doxxing site targeting people he believes to be "Antifa" is hosted at Epik. I have suspected for some time now that Rob might have been involved in Joey targeting me after Monster's own attempts at , as I am quite unlike Joey's usual targets (typically journalists and people who are heavily involved in antifascist activism and organizing; I am neither) and his "complaints" about me echoed Rob's. Joey confirmed this later, when he got angry at Rob for taking down one (and only one; many are still active at Epik) of his doxing sites. You can see some of the threats I enjoyed from Joey in the thread at

https://twitter.com/x/status/1439285832758726662

Joey's confirmation about working at Rob's behest was screenshotted in

https://twitter.com/x/status/1439269174346457088

He also wrote this: https://web.archive.org/web/2021091...1/09/yourdaddyjoeys-separation-from-epik.html.

bmugford · Oct 6, 2021

Derek Peterson said:
That is really incredible. Proof Rob conspired with Joey to mess with @Molly White just because he was mad at some dumb wiki entry. WOW! Rob gonna get prosecuted, criminally. I guess he thinks he is like a gangsta or something.

I will let the legal authorities make that decision, but the allegations certainly deserve to be investigated.

I feel bad for @Molly White for what she has gone through with this ordeal. I also appreciate her standing up for herself, and the others that have taken stances against these unacceptable actions as well.

Brad

sonatime · Oct 6, 2021

DirkS said:
I agree. The motives are clear. Wrong or right, when it comes down to it, the big takeaway from this thread/hack is the poor security in place at E. Something that affects a lot of clients, no matter what you think/feel about them.

I am all for seeing what went wrong and how the hack took place and whether it was an inside job.
But so far, this thread has become a red carpet for hacker Public Relations, justifications, and ideologies.

Mr. Glomar, someone who claims to have hacker recruiting experience, shares interesting psychological insights of "hackers":

Even if they survive "this", will they survive the "next one" and the one after that?

Even the most resilient people don't psychologically handle repeat attacks well at all, eventually most customers will conclude "enough is enough" and leave. A certain group of people will stay, but ultimately they'll be forced to leave when the business runs out of resources.

Not just customers, staff too.

Employees don't want to be associated with massive failures like this that are all over the news, and they're currently discovering a lot of stuff about their employer that they were probably oblivious to.

The level of impact these attacks will have on employees largely depends on culture, where they actually live and their family circumstances. Regardless, they'll likely be "very worried" about their future at best, which will lead to them keeping an eye out for other opportunities.

I believe the threat will persist, it isn't over yet in my opinion.

This red carpet treatment for a criminal activity that exposes thousands of innocent people and putting lives in danger should be abhorrent.

Derek Peterson · Oct 6, 2021

Molly White said:
Rob Monster has repeatedly targeted me with harassment and legal threats, and encouraged others to do the same, over about two years now. Some of you may have been around for particularly local examples of it (https://www.namepros.com/threads/epik-wikipedia-battle-is-full-on-right-now.1186029/ and https://www.namepros.com/threads/please-sign-this-petition-to-help-mr-rob-monster.1186329/).

In February I was doxxed by a particularly vile man named Joey Camp, whose doxxing site targeting people he believes to be "Antifa" is hosted at Epik. I have suspected for some time now that Rob might have been involved in Joey targeting me after Monster's own attempts at , as I am quite unlike Joey's usual targets (typically journalists and people who are heavily involved in antifascist activism and organizing; I am neither) and his "complaints" about me echoed Rob's. Joey confirmed this later, when he got angry at Rob for taking down one (and only one; many are still active at Epik) of his doxing sites. You can see some of the threats I enjoyed from Joey in the thread at
https://twitter.com/x/status/1439287162818764800

Joey's confirmation about working at Rob's behest was screenshotted in
https://twitter.com/x/status/1439269174346457088

He also wrote this: https://web.archive.org/web/2021091...1/09/yourdaddyjoeys-separation-from-epik.html.

That is really outrageous. A middle aged, multi-millionaire, "Christian", CEO of a pretty big company hires some dude to dox and harass a young woman on the internet because he didn't like her wiki entry. That is literally one of the craziest and weirdest things I have every heard and makes me very angry. You should sue the daylights out of him.

It also matches very well with his response to the hack.

Do you have the original screenshots from Joey that show the whole discussion?

Molly White · Oct 6, 2021

Derek Peterson said:
That is really outrageous. A middle aged, multi-millionaire, "Christian", CEO of a pretty big company hires some dude to dox and harass a young woman on the internet because he didn't like her wiki entry. That is literally one of the craziest and weirdest things I have every heard and makes me very angry. You should sue the daylights out of him.

It also matches very well with his response to the hack.

Do you have the original screenshots from Joey that show the whole discussion?

Not yet.

Future Sensors · Oct 6, 2021

https://twitter.com/x/status/1445210984574959617

Derek Peterson · Oct 6, 2021

Molly White said:
Not yet.

Please let me know when/if you get it. If you start a gofundme to file a lawsuit I will donate.

I'm sure Monster has hired investigators on me based on some of the things he has said to me but I seriously doubt he would ever do anything to me that could be tied back to him. Torba and his mommy incited some mentally ill guy against me who then doxed me and said he would kill me by the end of week, dude lived like 20 minutes from me but sadly, well partially sadly, the guy killed parents dog with a kitchen knife the next day because there were demons.

https://www.washingtonpost.com/news...s-hes-the-second-coming-of-christ-police-say/

sonatime · Oct 6, 2021

Derek Peterson said:
Wrong thread guys.

You might be right, just don't be alt-right

On a serious note If you think someone is selling child porn behind a paywall you need to contact Law Enforcement and or local DA with your evidence.
Have you done that?

there are penalties for failure to report child abuse
https://www.childwelfare.gov/topics/systemwide/laws-policies/statutes/report/

Derek Peterson · Oct 6, 2021

sonatime said:
You might be right, just don't be alt-right

On a serious note If you think someone is selling child porn behind a paywall you need to contact Law Enforcement and or local DA with your evidence.
Have you done that?

there are penalties for failure to report child abuse
https://www.childwelfare.gov/topics/systemwide/laws-policies/statutes/report/

I literally made a video and sent it to multiple, including FBI. IMHO Gab is a fed honeypot so the feds let things go "for the greater good".

jberryhill · Oct 6, 2021

sonatime said:
there are penalties for failure to report child abuse

Only if one is employed in a role designated as a “mandatory reporter” under the law of a particular state. There are no generally applicable penalties for failure to report any crime. Don’t be silly.

Persons in certain occupations - teachers, physicians, nurses, law enforcement officers, and a few others - are required to report suspected child abuse, and can face penalties for not doing so. If you are suggesting there is some generally applicable duty, then it would appear you have not actually read the materials available at the site you linked.

sonatime · Oct 6, 2021

Derek Peterson said:
I literally made a video and sent it to multiple, including FBI. IMHO Gab is a fed honeypot so the feds let things go "for the greater good".

Thank you for doing that. I would not want to be in a position to decide what is the greater good, stopping a crime or continue to investigate in order to catch more.
From an article a few years back I vaguely remember, the FBI employs an obscene amount of informants and tolerates a lot of crime in the process. This is why it is hard to accept "hackers" being independent and driven towards some greater good. Most are probably picked up, and if they are talented enough, their skills will be employed.

Another too real quote by Mr. Glomar from this thread:

As someone with a lot of experience in identifying, vetting and recruiting hackers for a number of intelligence services I can answer question to some degree.

The answer is "very few".

It's better to recruit hackers earlier, as soon as they've been identified as having the right skills.

Most people "want to do good", and that includes "black hats".

sonatime · Oct 6, 2021

jberryhill said:
Only if one is employed in a role designated as a “mandatory reporter” under the law of a particular state. There are no generally applicable penalties for failure to report any crime. Don’t be silly.

Persons in certain occupations - teachers, physicians, nurses, law enforcement officers, and a few others - are required to report suspected child abuse, and can face penalties for not doing so. If you are suggesting there is some generally applicable duty, then it would appear you have not actually read the materials available at the site you linked.

Thanks setting things in the clear.
Then I hope everyone will do what @Derek Peterson did.

I'm sure many thread readers would love to hear your perspective on the current situation.

mr-x · Oct 6, 2021

sonatime said:
Thanks setting things in the clear.
Then I hope everyone will do what @Derek Peterson did.

I'm sure many thread readers would love to hear your perspective on the current situation.

It seem you can accuse a man of selling illegal drugs, child porn and a half dozen other felonies but if you ask if the crimes reported or followed up on, you get more questions than the people making the accusations.

Weird.

mr-x · Oct 6, 2021

Derek Peterson said:
I think her point, which is a valid one, is that Epic has not revealed the 2nd or 3rd hacks and has even removed their notification of the first hack without giving any more updates to users and just went back to business as usual like nothing ever happened.

So they ( epik ) should stop doing business, keep you filed in on the day to day operations until you are satisfied the problem has been solved?

The hack has had national coverage online, in print and TV broadcast.

Bravo Mod Team · Oct 6, 2021

Attention:

We’re not going to keep cleaning up the messes being created daily in this thread.

Stay on topic.

Thread bans to follow.

Kirtaner · Oct 6, 2021

I don't know about you guys but personally I find it highly insulting to their customers that their response to the breach(es) was deleted, they're attempting to memory hole it, they haven't made any statements on the second and third MSM-reported releases, which included their core infrastructure and Gitlab server containing all of their source code repositories, the knock-on effect it's had directly on their customers, also in a high-profile fashion, the list goes on.

The Legion isn't something to be trifled with and Rob is pressing his luck here. This is not a threat, this is simply helpful advice from a representative.

Samer · Oct 6, 2021

Kirtaner said:
I don't know about you guys but personally I find it highly insulting to their customers that their response to the breach(es) was deleted, they're attempting to memory hole it, they haven't made any statements on the second and third MSM-reported releases, which included their core infrastructure and Gitlab server containing all of their source code repositories, the knock-on effect it's had directly on their customers, also in a high-profile fashion, the list goes on.

The Legion isn't something to be trifled with and Rob is pressing his luck here. This is not a threat, this is simply helpful advice from a representative.

Epik will build back better.

alert Epik Had A Major Breach

Domains88.comTop Member

Tech, NamePros

Account Closed (Requested)

78% of human domainers will be replaced by robotsTop Member

Top Member

Top Member

www.DataCube.comTop Member

www.DataCube.comTop Member

Top Member

Established Member

www.DataCube.comTop Member

Top Member

Top Member

Established Member

78% of human domainers will be replaced by robotsTop Member

Top Member

Top Member

Top Member

Top Member

Top Member

Top Member

Account Closed (Requested)

Account Closed (Requested)

Moderator, NamePros

Established Member

Top Member

Similar threads

We're social

Pinned

Appreciation

Agreement