I've been in Rob's shoes before. My user table on a few hundred thousand members was breached and downloaded. A full password reset might be necessary but you should only do that AFTER you are 100% sure of what happened and have secured the site. Worst thing to do is PW resets then find out that you are breached again. As long as the PWs are salted and of certain difficulty they will mostly be hard to break. As a standard everyone should use 12 characters min (upper, lower, digits, and special chars).
I'm gonna assume they are going nuts securing everything and making the changes needed. Has anyone yet lost a domain? If not, then don't panic. This imho will make Epik stronger. When you start off it's not always easy to know how big you'll get and what security measures you will need. People think it's just a few button clicks for security. You have to code all this crap. Their Federated single-login feature was probably a bitch to integrate.
https://domainnamestat.com/statistics/registrar/Epik_Inc_-IANA_ID-617
That's alarming because it's possible they sent delete notices to ICANN for those domains. I've checked my own domains. None show as PendingDelete.
I would think ICANN and the registries would work with Epik to fix any mass domain theft or deletion. It's not like they can't do that.
I doubt Rob is "hiding". My guess is that he has his hands full. Is probably on tilt a bit over this too. I know exactly what he is going through. It's not a comfortable moment. He has people posting from Epik. And I am sure he wants to wait till he has everything secure and all the information possible before making statements. He can't come here and be like "we're working on it, we're not sure, we don't think so" because he would just get attacked and we'd see more panic.
The situation imho can take 7-15 days to absolutely fix. And you don't waste time on a forum. You work as fast as you can because your business is at stake.
Overreacting? To what appears to be one of the most complete data breaches?
There have been much worse breaches. Example is Equifax. Again, no one is reporting lost domains. Your credit card data being exposed isn't abnormal. By now everyone I know has at one point or another had their CC stolen. Figure out what's at Epik and report it lost if you're so worried. For free your credit card company will replace it. You lose nothing but maybe a bit of hassle.
btw, stuff like this is why blockchain-based domain registration makes a lot of sense.
I really feel bad for the guy. I respect that he rubs people the wrong way with his religious beliefs. But show some tolerance. People are okay being nice to a guy wearing a dress more than wearing a cross.
imho, you don't allow any domains out unless manually reviewed and you disallow any domain deletions. I think domainers can hold off on sales until their portfolios are secure.
Guys, Epik allows crypto. Suggest if you don't use crypto yet, you begin now.
And to the comment that Epik is liable. You have to prove damages. Most of the legal requirements from a company in a breach are to inform the public. Typically they get into trouble by trying to keep it secret. And credit monitoring is mostly free to people now via their CC company or bank.
Epik will be fine imho. Some damage will happen but Rob is tough, he'll stick it out. I ain't moving a single domain.