alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Paul]

Then why superbuggy Dynadot is not hacked???

Buggy doesn't necessarily mean insecure. All websites get hacked eventually, though.

 

[Jurgen Wolf]

Dynadot is not even 10% of the traditional hype around Epik...
That's why they live without such adventures.

 

[eternaldomains]

Then why superbuggy Dynadot is not hacked???

No reason for hack. No politics, no price hold. Lack of CEO presence. Almost like a normal nobody in people's eyes if you ask me.

 

[johnn]

There is a big difference between hacking and ddos attack.

 

[Windoms]

What are real roots (motivation) of these attacks?
Competitors, discrimination, Trumpism etc. or what?
Epik must consider it firstly.

"Map out a decade of online fash with a level of clarity nobody has been able to until now."
"This dataset is all that's needed to trace actual ownership and management of the fascist side of the internet that has eluded researchers, activists, and well, just about everybody. And maybe have a little extra fun. For the lulz."

Some people are in very hot water.

 

[Digital Kush]

This is really hectic
Can we have best registrars to keep our Domains safe. For crypto we have nano ledger etc. or keep private keys...
Any best solution for keeping Domains safe?

 

[Jurgen Wolf]

They need rebranding definitely.

January'2021 (8 months ago):
https://www.telegraph.co.uk/technol...-registrar-keeping-extremist-websites-online/

 

[Jurgen Wolf]

Any best solution for keeping Domains safe?

MarkMonitor.

 

[jhm]

"Map out a decade of online fash with a level of clarity nobody has been able to until now."
"This dataset is all that's needed to trace actual ownership and management of the fascist side of the internet that has eluded researchers, activists, and well, just about everybody. And maybe have a little extra fun. For the lulz."
Show attachment 199383

Some people are in very hot water.

When certain hackers are all about freedom / anti-establishment, I can ride along with that to some degree. The compromising of people, putting their stuff at risk, invading privacy ...not so much

 

[blockhead]

More bad news coming, just got a newly regged name 'sold' on SH wholesale market and now buyer wants auth code. Goddammit. I even priced it higher than usual thinking it might not be sold and now this happens. What the hell am I gonna do?

Personally, I'm going to de-list my ~10 domains that are transfer-locked at Epik until I have the ability to move them out. Sadly I transferred them there recently to save a buck.

 

[Paul]

MarkMonitor.

Everyone gets hacked eventually, and MarkMonitor is no exception. Their situation wasn't as bad as Epik's appears to be, but it was still a blunder.

We're just going to see more and more of these issues as time goes on.

 

[Jurgen Wolf]

Then https://www.cscdbs.com/en/domain-management/

We are talking about the ROOTS/REASONS.
Not about the results and methods (HACKED).

 

[eternaldomains]

Everyone gets hacked eventually, and MarkMonitor is no exception. Their situation wasn't as bad as Epik's appears to be, but it was still a blunder.

We're just going to see more and more of these issues as time goes on.

Wow, and this news is this month. To think someone had a chance to use coinbase to phish for bitcoins, or google to mess with everything.... ridiculous.

 

[br1ll1on]

Everyone gets hacked eventually, and MarkMonitor is no exception. Their situation wasn't as bad as Epik's appears to be, but it was still a blunder.

We're just going to see more and more of these issues as time goes on.

you're right but nothing is more disappointing and annoying than their silence, this is where you alert your users and ensure they take measures to avoid further damages like losing their domains (I'm pretty sure not everyone using epik knows about this yet)

 

[DaveX]

https://twitter.com/x/status/1438149904241729538

 

[Paul]

Then https://www.cscdbs.com/en/domain-management/

Were are talking about the ROOTS/REASONS.
Not about the results and methods (HACKED).

Given a large enough attack surface and a sufficient supply of nefarious individuals, someone somewhere will eventually find a reason to hack anything. Let the courts get to the bottom of that; there's no point in speculating.

Otherwise, this is just going to turn into an unproductive flame war with one side claiming Epik had it coming and the other claiming it's a false flag operation, with both sides offering no evidence beyond a hunch.

There appears to be a lot of data here, and it's going to take researchers quite a while to get through it all, myself included. All that's known thus far is that you should change your passwords. I know everyone is eager to point fingers, but we just don't have the information we need to come to educated conclusions yet.

you're right but nothing is more disappointing and annoying than their silence, this is where you alert your users and ensure they take measures to avoid further damages like losing their domains (I'm pretty sure not everyone using epik knows about this yet)

Perhaps, but right now they're probably stuck trying to lock everything down and figure out what happened. Most sites can be taken offline during incident response; registrars don't really have that luxury. I'm sure there are plenty of frustrated people running on nothing but caffeine and anxiety right now.

Let's all learn from this: plan for breaches now; don't improvise as you go. Every website gets hacked. If you run a website and haven't already planned for that inevitability, now is the time to start so you're not fumbling in-the-moment.

 

[Lox]

source twitter (old data - afternic lic)

 

[Jurgen Wolf]

I'm sure 1000%, that all these technical aspects are absolutely secondary in EPIK FAIL story.

 

[tonyk2000]

Epik might want to:

1) Shut everything down in the meantime. The sky would not fall. Why? There is a possibility of unauthorized transfers away...

2) Hire external security (server management, etc.) company and ASAP.

3) Clean/upgrade/etc all the systems and restore the service with obligatory passwords change, as well as 2fa reset, after next login.

4) Send email to all customers, but, for god's sake, without mentioning politics or anything similar.

5) Since Epik earned a certain level of trust (not with all the domaining community, but it is irrelevant in this context) - the honesty would be the key to survive. Some members right in this thread support epik, some don't, some like it, some don't, but it should be obvious enough that "disappeared" domaining-friendly registrar would not benefit the industry as a whole in any aspect.

 

[eternaldomains]

4) Send email to all customers, but, for god's sake, without mentioning politics or anything similar.

Somehow, it's, like, impossible, for them to separate their announcements from politics without activating a death curse.