Dynadot

information Epik and your plan

Spaceship Spaceship
Watch

johnn

WeSellName.comTop Member
Impact
11,429
I know there are a lot of members here have account with Epik so the information from you may help other members.

1. How many names do you have with Epik
2. Are you worried and what's your plan NOW and when the hacking is OVER
 
7
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
try cloudflare

I checked it out (again), but it seems that one needs a PhD in computer programming in order to add all these sites and set up the proper DNS configuration.. they expect you to know what CURL is and how to do programming.. why can't they make it easy and simple.. like EPIK's interface...
 
3
•••
I checked it out (again), but it seems that one needs a PhD in computer programming in order to add all these sites and set up the proper DNS configuration.. they expect you to know what CURL is and how to do programming.. why can't they make it easy and simple.. like EPIK's interface...


why don't you use their automated DNS detection?
 
0
•••
Difficult to see. Always in motion is the future.
 
0
•••
why don't you use their automated DNS detection?

I use that for individual domains, on occasion, but I would have thousands to upload for my entire portfolio they need a bulk uploader... otherwise I would be doing them one at a time... and it appears you have to use the API to do bulk
 
Last edited:
0
•••
1. How many names do you have with Epik
I used to have just one domain with Epik in the past - testing the registrar.
2. Are you worried and what's your plan NOW and when the hacking is OVER
I never closed the account and my EU home address and personal phone is most likely exposed to the public.
 
Last edited:
0
•••
I always consider to create an account epik as their transfer fee is low and they are one of the few registrars who accept bitcoin. But I didn't have time for it. Although I am politically socialist and they are conservative, it's business.
 
Last edited:
0
•••
I'd rather post my opinion here (mainly general thoughts about Epik), rather on ''neighbors threads'' which for the most part is filled with hate, gloat, speculations, unproven info and just a bunch of bullshit. To me, it's best to divide the whole problem in three parts:

1) How good Epik is as a platform
2) How good is their security
3) Rob's political and religious believes (simply because it's a huge ''thing'' for many, all of a sudden)

1. Epik is an awesome platform to work with. Easy to manage names, comfortable import-export, lots of statistics (views, Who.is, Alexa, PageRanks etc), different parameters to check across and categorize. Then there are awesome landing pages that you create in minutes, there is a marketplace which you can use as your website basically, there are NameLiquidate auctions, appraisals (for those who need) and other features. I've been with 5 other registrars (still with some), but none of them come close in terms of ease and comfort of managing names. Their customer service is outstanding, even though I don't have to go to them a lot, soon you realize you know all these guys by names, chatting pretty much like with an old friend to many.
Is the above said a reason for me to stay? Yes, absolutely.

2. How good is (was) Epik's security? They got hacked, it's a fact. That can happen to anybody. Could they do better to prevent it? We don't know it in fact, but it's possible, and now it seems as an extremely obvious thing to me that the security measures will be raised to an absolute maximum for this not to happen again. And do we really know how other registrars keep their information, and what are the odds for leaks and hacks there? We assume just because we don't hear lots about them that their systems are secured well, but we have no idea about it in reality.
So, emotions aside (''how could they....!!! Epik Fail....!!!), isn't Epik's ''lesson learned'' the reason to stay? My answer is again ''yes''.

3. Rob Monster's beliefs. That's the most entertaining part for me, I personally wouldn't care less even if he preyed on Carl Marx, but for many folks his conservative views is a red rag to a bull here. There are clearly people that are against his views, others complain that he is mixing them with business.
I only talked to Rob a couple of times (heard no ''Heil Hitler!''greetings, I swear!) and saw a few interviews, but it very much seems to me that he really and truly supports the idea that EVERYBODY has the right to be heard as long as it does not break the law. In other words, if someone is IamAnIdiot.com, and other registrars are like: ''he is an idiot, we don't want him'', he's point is ''hey, if you come to me, you can show you are an idiot from here, you have the right to do so''. But this position nowadays unfortunately makes you a target. It is a fundamental problem for our society (that becomes more and more totalitarian), which simply wants to silence certain views, while heavily promoting others, that way too many people/companies/groups are just being labeled (thus being ''cancelled'') for exposing different opinions.
Staying for what you believe openly now is a revolutionary act, which only shows what kind of perverted world we are living in.
To sum the third point up: do his beliefs affect my decision to keep domains with Epik? No, not a single bit. But on a personal level I like people who stand for what they believe is right, regarding conjuncture and pressure.

So, 3-0 for me in favor of staying.
 
19
•••
Epik.com is still the best domain registrar on the internet regardless off being hacked it will just make the company stronger .

Maybe a rebranding is due .
 
5
•••
5
•••
3
•••
I don't see it listed on TPB. I don't want to download 300GB but I'd like to snag a copy so I can see what information of mine they actually have. Wonder where it is being shared.
 
0
•••
I don't see it listed on TPB. I don't want to download 300GB but I'd like to snag a copy so I can see what information of mine they actually have. Wonder where it is being shared.

I think the data would be very hard to go through for the average person, but these are reportedly full bootable disk images of the server. Unless some information has been removed, it is likely safe to assume whatever is on the server has been breached.

One serious question is about the ID documents that Epik had. Were they stored on the breached server, or in a more secure location like cold storage?

https://www.dailydot.com/debug/anonymous-new-epik-leak/

WhiskeyNeon, a Texas-based hacker and cybersecurity expert who reviewed the file structure of the leak, told the Daily Dot how the disk images represented Epik’s entire server infrastructure.

“Files are one thing, but a virtual machine disk image allows you to boot up the company’s entire server on your own,” he said. “We usually see breaches with database dumps, documents, configuration files, etc. In this case, we are talking about the entire server image, with all the programs and files required to host the application it is serving.”

The data includes API keys and plaintext login credentials for not only Epik’s system but for Coinbase, PayPal, and the company’s Twitter account.
 
Last edited:
4
•••
I don't see it listed on TPB. I don't want to download 300GB but I'd like to snag a copy so I can see what information of mine they actually have. Wonder where it is being shared.

My quick conclusion is that you're not a security researcher :sneaky: My advice to anyone wanting to download a copy to play with, is to check the applicable laws in your country before you proceed. And remember this, ET may be able to phone home. Learn proper forensic procedures as well.
 
0
•••
I prefer domain registrars that don't require me to sign up to credit monitoring agencies.
Unfortunately, I was directly impacted by this security breach, had to cancel my debit card, and am actively involved with all the major credit reporting agencies to be on the lookout for fraud.

Aside from the credit monitoring program, Epik has offered nothing to their customers as compensation for the incredible inconvenience this has caused. I think it would have been a gesture of goodwill for them to offer something to customers who were directly impacted while also laying out a roadmap for immediate and future steps they plan on taking regarding their security somewhere accessible from the homepage on Epik.com. It seems Epik is hesitant to publicly acknowledge the hack on their homepage, instead emailing existing customers.

I think stepping up and 'owning' their mistakes is the right path forward.
I suggest Rob write a detailed blog post + security road map and link to it from the header on Epik.com.
 
Last edited:
8
•••
My quick conclusion is that you're not a security researcher :sneaky: My advice to anyone wanting to download a copy to play with, is to check the applicable laws in your country before you proceed. And remember this, ET may be able to phone home. Learn proper forensic procedures as well.

For anyone looking to see if they were impacted in this breach, rather than downloading 300GB of data that was illegitimately acquired, just go to HaveiBeenPwned.com and type your email in that was associated with your Epik account. They will let you know if your data was found in the breach (as well as other past breaches).
 
Last edited:
1
•••
For anyone looking to see if they were impacted in this breach, rather than downloading 300GB of data that was illegitimately acquired, just go to HaveiBeenPwned.com and type your email in that was associated with your Epik account. They will let you know if your data was found in the breach (as well as other past breaches).

The data included there is only a subset, the data breach includes more data sets.
 
2
•••
This morning Epik forced me to reset my pw on login. I had reset it shortly after the notification of breach a couple of weeks ago.

Are others encountering that, or is it something on my account? I think forcing everyone to change pw is a good idea, just wondering if that is what they have now done.

Bob
 
6
•••
This morning Epik forced me to reset my pw on login. I had reset it shortly after the notification of breach a couple of weeks ago.

Are others encountering that, or is it something on my account? I think forcing everyone to change pw is a good idea, just wondering if that is what they have now done.

No changes for me, I just logged in.
Probably, because 2FA SMS is activated for my account.
 
3
•••
This morning Epik forced me to reset my pw on login. I had reset it shortly after the notification of breach a couple of weeks ago.

Are others encountering that, or is it something on my account? I think forcing everyone to change pw is a good idea, just wondering if that is what they have now done.

Bob


It won’t force you if you enable two factor which everyone should have on.
 
4
•••
Are others encountering that, or is it something on my account?

I've change PIN, email address and password...more than once. I will continue to change the PIN and password on a regular basis until the site is rebuilt or repaired to prevent further breaches. I never received a forced reset...I assume it is because I've been changing my info.

ADD: as karmaco and jurgen say above, it may be because I had 2FA...EVERYONE should have 2FA on EVERYTHING
 
Last edited:
3
•••
Just so you guys know they are automatically changing our pins for safety. So know your current pin before you contact customer service. I assume this is a new security feature.
 
1
•••
Just so you guys know they are automatically changing our pins for safety. So know your current pin before you contact customer service. I assume this is a new security feature.
I asked through their chat the other day, they say it's a one-time manual pin refresh for all accounts.
 
3
•••
My experience was that Epik's service was always top notch. Rob himself was very responsive when I needed to get in touch with him. I hope with all my heart that the storm will pass and I hope the best for epik.
I will not transfer out my names.
I'm sure they will find a way to secure everything.
 
Last edited:
3
•••
This morning Epik forced me to reset my pw on login. I had reset it shortly after the notification of breach a couple of weeks ago.

Are others encountering that, or is it something on my account? I think forcing everyone to change pw is a good idea, just wondering if that is what they have now done.

Bob
I received that notice and and changed the PW, last week.
 
0
•••
Changing your password now is equivalent to putting on a condom after she tells you she's pregnant.

This morning hackers running bots tried to access my account.

Screenshot_20211011-084303_Messages.jpg


Two years ago I warned Rob that his 💩platform was vulnerable.

Screenshot_20211011-093125_Chrome.jpg



Nothing was done...
 
1
•••
Back