Dynadot

information Epik and your plan

NameSilo
Impact
8,258
I know there are a lot of members here have account with Epik so the information from you may help other members.

1. How many names do you have with Epik
2. Are you worried and what's your plan NOW and when the hacking is OVER
 

omelet

Top Contributor
Impact
1,701
I don't care if he likes him or not but not coming to the thread and attack me.
I did not say anything wrong with Rob. He is blindly defends Rob regardless of the situation.
This thread is not about Rob but what would you do in this situation.
ppl freely express their preferences. Look like you attacked them first.

I respect your choice, that's no problem. but it doesnt make sense to blame and attack ppl who different from you.
 

omelet

Top Contributor
Impact
1,701
I know Rob but I don't know him deep. Maybe he is the worst guy. I don't know that deep. Based on my personal experiences, Epik is better than most of others and Rob as a CEO do offer me help and treat me with respect. Do you believe Godaddy, Dynadot, NSI, CEO cares who you are?

Everyone is complicated, everyone is a mix of goods and bads. So i dont judge ppl. When u judge others from a moral high, look at yourself.

END
 

Mister Funsky

Top Contributor
Impact
21,898
Haven't read the whole thread yet, but my 'plan' is to stay the course. Ineffectual and marginalized individuals (due to their own inadequacies) will do their best to disrupt others in the digital universe.

I will continue to buy and sell on the Epik marketplace (along with the other major markets). The most recent issue is just a bump in the road along the journey to forever.
 

April004

Established Member
Impact
188
1. How many names do you have with Epik
2. Are you worried and what's your plan NOW and when the hacking is OVER

1. had only single domain with them, moved to hexonet.
2. but yes, I'm worried about the account information that got leaked to hackers.

so no more Epik (as of now until everything is sorted) there are lots of good, reliable, secure options.

Did i forgot to tell Namecheap is have transfer-week sales, you can transfer .COMs to them for some $3 and few cents.
 
Last edited:

frank-germany

domainer since 2001 / musician
Impact
13,317
Epik having a major security issue is bad news
I feel with everyone having worries about their own data integrity

what I find peculiar is the fact
that a registrar who is using the slogan

"swiss bank of domains"

is either trying to discredit the swiss banks as such
or is simply lying

and as a reaction telling the poor customer
that he is praying for him

don't you get that???
 

Henry Y

Established Member
Impact
1,422
I recently planned to transfer all domains to Epik because of the great customer support and the cheaper renewal and transfer prices offered by Epik (especially the special discount for NP members). I transferred very few domains to Epik for trial, so the impact of the hack (if the hack is true) on me is not high compared to Epik's heavy users. Now the domains cannot be moved away from Epik, so I can do nothing on the domains right now. But it allows me to have more time to see what will happen next and then rethink if I should continue to use Epik or not.
 
LINK: https://www.dailydot.com/debug/epik-hack-far-right-sites-anonymous/

"A Linux engineer tasked with conducting an impact assessment on behalf of a client who uses Epik’s services told the Daily Dot that the breach was one of the worst he had ever seen. The engineer did not have permission to speak about the breach by his employer and was granted anonymity by the Daily Dot.

“They are fully compromised end-to-end,” they said. “Maybe the worst I’ve ever seen in my 20-year career.”

The engineer pointed the Daily Dot to what they described as Epik’s “entire primary database,” which contains hosting account usernames and passwords, SSH keys, and even some credit card numbers—all stored in plaintext.

The data also includes Auth-Codes, passcodes that are needed to transfer a domain name between registrars. The engineer stated that with all the data in the leak, which also included admin passwords for WordPress logins, any attacker could easily take over the websites of countless Epik customers.

The Daily Dot was unable to confirm the claims made in the press release by Anonymous that every single one of Epik’s customers were exposed in the breach.

Analysis suggests that hacked data goes up until Feb. 28, 2021. The data’s release comes just days after hackers aligned with Anonymous defaced the official website for the Republican Party of Texas over the state’s new restrictions on abortion."
 

frostify

Top Contributor
Impact
969
LINK: https://www.dailydot.com/debug/epik-hack-far-right-sites-anonymous/

The data also includes Auth-Codes, passcodes that are needed to transfer a domain name between registrars. The engineer stated that with all the data in the leak, which also included admin passwords for WordPress logins, any attacker could easily take over the websites of countless Epik customers.

If the actual auth codes to transfer away domain names was included in this hack then that's a huge issue.
 
Impact
46
I was planning to transfer a good chunk of my folio to Epik (due to pricing) and I started to transfer some, but now will definitely hold off and will transfer any of the more valuable names out.

"and even some credit card numbers—all stored in plaintext."
"The data also includes Auth-Codes, passcodes that are needed to transfer a domain name between registrars."

These two bits are extremely concerning. What's sad is that Epik failed to acknowledge any of this and tell us what specific actions they are taking. Instead they are sending the hackers prayers? We need action, explanation, and future prevention. Not prayers.

Here's what I suggest:

1) Enable two factor authentification.
2) Change your password.
3) Transfer any highly valuable domain names OUT.
 
Last edited:

Mister Funsky

Top Contributor
Impact
21,898
The 'hack' either occurred prior to March (6 months ago) or it was a 'hack' of data that was stored at a supplier/2nd site. Either way, any 'damage' that would have happened including stolen names would have and/or should have happened well before now.

Codes have been changed, more than once, and if your names do not stay locked always (regardless of who your registrar might be) you probably should not dabbling in the art of domain investing.

Until/unless someone can legitimately report he/she has had a name stolen I'm not going to worry too much.

Back to the first paragraph, if the data was hacked 6 months ago, why did the hackers wait so long to make a production about it? Were they trying to extort Epik in the meantime or did they just manage to get get access to off core storage?
 

kite26

Fearless Bird
Impact
5,921
That's why i suggest to anyone not to have all his names to only one registrar. I know that can be hard because of cheap pricing, but it is easier to move names. I say that regardless the current news.
I recognize that they are very innovative company, but any topic about safety must be taken very seriously.
 
Last edited:

Steven McEvoy

CEO, McEvoy.biz
Impact
1,582
As I was a huge fan of Epik... I think i will be moving out my domains back to Namesilo/Dynadot.. in do time.

I really hate when businesses want to feed in on politics and personal views... Just like GoDaddy.

**Update i removed 2 important domains the others I will probably wait to sell or transfer when close to exp.
 
Last edited:

topdom

Top Contributor
Impact
1,333
Years ago one of my (landrush) domains was stolen, and moved to another registrar. I contacted my registrar (not a very popular one) and after some waiting I got my domain back. But if I didn't realize it was missing, then it would have gone forever.. (nothing to do with Epik). .. So, in such cases, if you are awake, probably you can protect your domains. (later sold for 4 figures, big amount for a student).
 

KWNG

Established Member
Impact
208
The 'hack' either occurred prior to March (6 months ago) or it was a 'hack' of data that was stored at a supplier/2nd site. Either way, any 'damage' that would have happened including stolen names would have and/or should have happened well before now.

Codes have been changed, more than once, and if your names do not stay locked always (regardless of who your registrar might be) you probably should not dabbling in the art of domain investing.

Until/unless someone can legitimately report he/she has had a name stolen I'm not going to worry too much.

Back to the first paragraph, if the data was hacked 6 months ago, why did the hackers wait so long to make a production about it? Were they trying to extort Epik in the meantime or did they just manage to get get access to off core storage?

Epik should only allow transfers out from here on via not only auth codes but by emailing the owner to double confirm the transfer by clicking on the provided link.
 
Top