Labeled as information in Warnings and Alerts, started by johnn, Sep 15, 2021
Just the way the world works. Matthew 5:11
Don't mind I ask which registrar is this? Having more backup options would be great these days.
Epik and your pain.
The most correct thread title here.
It seems that the auth code for transfer is no longer available directly from site, but only via email (a change from the past). Other registrars I deal with some you can get codes from site, and others only via admin email. In past Epik allowed both. Clearly only email a bit more secure, but immediately on site is more convenient.
Also, at least for me this morning, it does not allow fast approval via the email link (it asks me if I want to approve, but says approval is not allowed at this time). I did not check with customer service if there are ways around this, it is something temporary, or something particular to my transfer (I was just transferring one name, and don't mind if I do end up needing to wait the 5d).
I have 100+ names at Epik, I do not have immediate plans to move most out, will wait and see details and the response. I use 10 different registrars, with most on 4, so it is not like all my names at any registrar.
Maybe it was not totally their fault,.. that it was stolen. Maybe it was not stolen, and the registry screwed things up * , so I don't want to say bad things about that registrar.
....*Another strange thing happened in those days. I bought a keyword domain in that tld manually when it was available,..and it was taken away from me because it was a landrush domain owned by someone else (after 2 days)?..
(so if their story was correct, then its "actual owner" could think I stole it. )
The point is, you can get your stolen domain back if you act fast enough (probably).
I think it will be easy when there is any problem to file a lawsuit and get compensation from epik.
What we know about this breach keeps getting worse and worse.
I'm not going to regurgitate everything here, but anyone who's ever used Epik should seriously follow along the main thread:
Essentially, it's not just your Epik account you should be thinking about. It's being claimed that even failed login attempts were stored in plaintext, and now leaked to the public, meaning that not just your Epik password is likely being passed around - but also passwords you may use for any number of other services and apps as well (think bank accounts, crypto accounts, email addresses, streaming services, restaurant apps, etc etc etc).
The potential damage has barely even started. This information is just starting to make the rounds.
My plan is to stay away from Epik, at least for the time being. I pretty much stopped using them when Afternic dropped the 'swiss bank of domains' from the fast-transfer list.
That's horrible. Many people use password manager software to keep their password and just copy and paste it to login when needed.
However, it's not uncommon that someone wrongfully copy another website password when they try to login.
So all these skin head, nazi, republican crazies and other actors that no other company would touch, they all gathered in one place, mainly Epik.
Epik had their trust and kinda let them down. I image they are pissed? Do these outfits simply sling words? or are they action orientated?
I guess I may fear for Epik and their safety. Is it that serious?
To me epik is still the best registrar, I will continue with them..
We still can expedite the transfer by contacting their live support @Bob Hawkes , they will approve it for you. I did it last night.
Yes, just to update what I wrote earlier, you can now get auth codes again, and as @ET76 reports can get live support to expedite approval of the transfer.
that was funny
Or will get back in any time. Everything I have seen so far is the epik is following the worst practices for security.
That was the last straw for me. But like a fool i thought the worst was over and could reg some names that i didnt care about FT. Now this finally shows its never going to get better.
Its not the breach that bothers me. Its that the breach exposed how shitty epik is at security and protecting customers.
One despising epik cannot bring epik down..
don't forget we talk about a domain registrar
and not "the >>lord<<'s domain registrar"
even though Rob thinks so
Security must be the A and Z for any registrar. For any company, not only registrar actually. All the innovation should come as second priority. What to do the innovation when my cc is leaked?
"As we work to confirm all related details, we are taking an approach toward maximum caution and urging customers to remain alert for any unusual activity they may observe regarding their information used for our services – this may include payment information including credit card numbers [...] At this time, we have not confirmed that your card information has been compromised. As a precautionary measure, you may choose to contact any credit card companies that you used to transact with Epik and notify them of a potential data compromise to discuss your options with them directly."
This is the only thing that actually worries me right now. What are the chances that hackers were able to reach credit cards data? I guess low... but still. Are you doing anything about it? Are you canceling your cards?
Just transferred out many of my domains that were on Epik over to another registrar.
Called my bank to cancel my debit card and have a new one with entirely new numbers mailed to me.
Changed all my passwords (using 1Password). It's been an incredible pain in the a**. A long time ago I remember them advertising themselves as the "Swiss Bank of Domains" and I thought I'd picked a secure registrar, boy was I wrong...
Yes, no other way.
I have stepped back from domaining, but just before I did start using Epik and had been impressed with their platform. I'd assumed that if I got back into it, I'd use them. That won't be happening now.
Yes...without hesitation. In the last 3 years I have had to cancel cards at one place or another due to a data breach 4 times. Not a big deal, just part of the reality of existing in a digital world filled with criminals.
Separate names with a comma.