alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[bmugford]

You're right, we don't even know if epik deleted the tweet. I suspect they didn't because there is no upside to deleting it. If they admit that, things would look even worse. Just speculation.

I am pretty sure they deleted the tweet. Why is the major question to me.

Brad

 

[Evil.dll]

Attorneys want to make great money so if they have no understanding of a case or what is true or not true they will not waste their time. Some rando anon on a fourm saying they got EVERYTHING is not going to get them to motivated to make great money. A nice document with examples and PROOF will.

I am not getting paid to give you any insight, nor am I a customer of Epik. The reason you spent an hour on the phone with attorneys is because without proof of what you, a rando, on some forum, is throwing out all of your “research” without any substantive proof. If I had any further information, I would not make it available to you or anyone else who does not understand what they are looking at. I am certainly under no obligation to provide attorneys you seek consideration from, any opportunity to enrich yourself. What I am saying is you are pleading for someone to help you understand this hack, I am saying there are qualified professionals on here that have given you free advice, ones that have seen the data, something you have not. I may play a rando on this forum, but that does not mean I am not telling you the truth. You just choose to see it through your own perception which may or may not be correct. I guess the best explanation I can provide you with, Sport, is that it appears the “Data is Cursed”

 

[Derek Peterson]

I am not getting paid to give you any insight, nor am I a customer of Epik. The reason you spent an hour on the phone with attorneys is because without proof of what you, a rando, on some forum, is throwing out all of your “research” without any substantive proof. If I had any further information, I would not make it available to you or anyone else who does not understand what they are looking at. I am certainly under no obligation to provide attorneys you seek consideration from, any opportunity to enrich yourself. What I am saying is you are pleading for someone to help you understand this hack, I am saying there are qualified professionals on here that have given you free advice, ones that have seen the data, something you have not. I may play a rando on this forum, but that does not mean I am not telling you the truth. You just choose to see it through your own perception which may or may not be correct. I guess the best explanation I can provide you with, Sport, is that it appears the “Data is Cursed”

LOL. The Monster curse will be a great meme that will live long after the data issues related to the hack.

 

[mr-x]

What are you talking about? Of course Epik deleted the Tweet. If the hackers hacked Epic's twitter account I'm sure they would have done something more entertaining than just delete the notification tweet.

Thanks, as I said it was must my opinion. You don't have to like it.

 

[mr-x]

LOL. The Monster curse will be a great meme that will live long after the data issues related to the hack.

Good to see you're not emotional invested in the current events.

 

[Derek Peterson]

Good to see you're not emotional invested in the current events.

Of course I have emotions for the users who have been left in the dark but I have about none for Rob Monster or Epik. They've never cared about user privacy or security, which is proven by their previous false claims regarding VPN and DDoS going back years. That is the very attitude that created a culture where something like this hack to occur. Epic and Rob never cared about users, and obviously still don't.

Now you, on the other hand seem very much emotionally invested in Rob, or perhaps economically. When was the last time you communicated with the Monster?

 

[mr-x]

Of course I have emotions for the users who have been left in the dark but I have about none for Rob Monster or Epik. They've never cared about user privacy or security, which is proven by their previous false claims regarding VPN and DDoS going back years. That is the very attitude that created a culture where something like this hack to occur. Epic and Rob never cared about users, and obviously still don't.

Now you, on the other hand seem very much emotionally invested in Rob, or perhaps economically. When was the last time you communicated with the Monster?

I chatted by email with Rob about his services a few years ago, I've never spoken to him in person. I don't know him, haven't contacted any of his employees.

I'm a #1A advocate. I don't care for criminal organizations, I'm not as smart or patient as you are.

 

[Paul]

PSA: If you were required to reset your password on NamePros, we'd appreciate if you provided feedback. We've never had a mandatory password reset affect this many members; we'd like to ensure we use this opportunity to improve the process for future incidents. The feedback thread is public: do not post anything sensitive.

 

[Derek Peterson]

I chatted by email with Rob about his services a few years ago, I've never spoken to him in person. I don't know him, haven't contacted any of his employees.

I'm a #1A advocate. I don't care for criminal organizations, I'm not as smart or patient as you are.

That's great! I'm also a strong advocate for the 1A but here is the thing you need to come to grips with, Rob has been making false claims about his products and services for years and threatening people with lawsuits or worse if they expose those false claims. He has hired investigators to dox and harass people who didn't do what he wanted. He has helped cover up lolicon and porn networks. He has helped partners commit SEC fraud. Rob Monster and Epik are also a criminal organization.

 

[Beezy]

I chatted by email with Rob about his services a few years ago, I've never spoken to him in person. I don't know him, haven't contacted any of his employees.

I'm a #1A advocate. I don't care for criminal organizations, I'm not as smart or patient as you are.

Speaking of criminal organizations, where was Rob Monster sending his customer's data logs?

 

[Kirtaner]

I personally suggest looking up the 2011 hack of HB Gary, and just how badly they were ruined, for an idea as to the scope of the situation here. Comparisons are being made left and right to that incident. The more they try to cover this up and stay silent, the worse it will be for them.

 

[mr-x]

Speaking of criminal organizations, where was Rob Monster sending his customer's data logs?

It that a rhetorical question, to justify the felony breach of a computer network?

 

[Beezy]

It that a rhetorical question, to justify the felony breach of a computer network?

No. I can't believe this goon is still here playing games.

 

[mr-x]

No. I can't believe this goon is still here playing games.

I'm not sure what you mean.

 

[Beezy]

I'm not sure what you mean.

There was data being sent to Russia. To / for whom?

WTF is that too complicated of a question.

 

[mr-x]

There was data being sent to Russia. To / for whom?

WTF is that too complicated of a question.

I'm not here to justify epik's business practices. I don't know why logs were sent to RU. I've heard accusations and justifications but I don't really care. It will come out in the end.

 

[eternaldomains]

Care to explain @Rob Monster?

Why was the tweet informing customers deleted?
Why no information on the 2nd or 3rd leak?

Well, since the tweet contained an unmasked full email address, perhaps security @ E got spammed to death?

I tried some things (don't ask how, my method may feel a bit "hacky/unethical") and it seems that security @ E is no longer an active address. Has anyone here tried to send an email there lately?

I don't use Twit, so is it possible to edit a tweet without deleting the whole thing?

PSA: If you were required to reset your password on NamePros, we'd appreciate if you provided feedback. We've never had a mandatory password reset affect this many members; we'd like to ensure we use this opportunity to improve the process for future incidents. The feedback thread is public: do not post anything sensitive.

So it seems my initial suspicions on anti-domainer attacks still stands....... can't they just let people make a living?




On another note, I've finished up my Masterbucks totaling mid-high-XXX without any problems, and the amounts sent are slightly higher on subsequent withdrawals, also probably due to the market movements. So I thank E for at least fulfilling their duty and not taking members' money.

But I still have in-store credits forever stuck there. Was hoping E would be kind enough to let me reconvert back to MBucks (originally was from MBucks, turned into credits from tasting domains), but that was sadly not allowed. If anyone E-xiting still has credits, you better spend them all as a precaution. Reg or renew, just don't transfer obviously. Safer to have assets in domain than credits in case E gets sued to death. ICANN can only save names, not money.

 

[mr-x]

@Beezy I think the lawyers will be worse than the hackers. They have the ability to subpoena records and testimony.

 

[internext]

You guys want to slam Epik non-stop. And be holier-than-thou about your judgment. Why not support them? It's more fun to tear them apart once a gang mentality has taken hold though, obviously.

A pound of flesh is just the beginning for some of you here. And so many experts. My God those hackers would never stand a chance if the critics here were on Epik' side!

So, do you want to shut down Google too? Their Chrome browser is been hacked and is actually currently being deemed as dangerous to use. And the company that manages texts for AT&t Verizon and T-Mobile just reported that they were hacked 5 years ago and that text have been insecure ever since and they're just letting us know now.

But let's just jump all over Rob Monster shall we? Because these giant companies with unlimited funds can't even keep data safe but you expect Epik to be impenetrable.

Here's a clue for you all. Epik and us are victims of criminals. And I'm sick and tired of hearing about well he kept the door unlocked. It still takes a thief to barge in.

Anyway just wanted to put it out there to all you people thirsting for blood that maybe you can shift some of your bloodlust to Google and to this text company. They have a lot more resources to have kept our data safe. And they kept their breaches which are far more dangerous secret for years.

Pitchforks at the ready.....

Unleash the hounds!

 

[Jona4s]

If you are sincerely concerned about Epik users

I do care about the users, that's why I took the time to analyse half a terabyte of data

But what good does it have when you can't post anything material here.

When it comes to cybersecurity, there should be no restriction, double speech, half-truths or sugar-coating. You should always be completely honest in what's out there on the wild.

 

[Jurgen Wolf]

Chromium on Linux is sandboxed by default.
So it was hacked or not - doesn't matter.

You can't sandbox Epik and be safe.

 

[johnn]

You guys want to slam Epik non-stop. And be holier-than-thou about your judgment. Why not support them? It's more fun to tear them apart once a gang mentality has taken hold though, obviously.

A pound of flesh is just the beginning for some of you here. And so many experts. My God those hackers would never stand a chance if the critics here were on Epik' side!

So, do you want to shut down Google too? Their Chrome browser is been hacked and is actually currently being deemed as dangerous to use. And the company that manages texts for AT&t Verizon and T-Mobile just reported that they were hacked 5 years ago and that text have been insecure ever since and they're just letting us know now.

But let's just jump all over Rob Monster shall we? Because these giant companies with unlimited funds can't even keep data safe but you expect Epik to be impenetrable.

Here's a clue for you all. Epik and us are victims of criminals. And I'm sick and tired of hearing about well he kept the door unlocked. It still takes a thief to barge in.

Anyway just wanted to put it out there to all you people thirsting for blood that maybe you can shift some of your bloodlust to Google and to this text company. They have a lot more resources to have kept our data safe. And they kept their breaches which are far more dangerous secret for years.

Pitchforks at the ready.....

Unleash the hounds!

How do you support them when they don’t care about customer data and store them in plain text?

 

[Future Sensors]

The return of the hacktivists

"Epik was the ‘Swiss Bank’ of domain registration services, according to its founder Rob Monster. Privacy was an organising principle, he said. Unlike other domain providers, Epik would afford its users a safe haven to freely express themselves on the websites they registered with the company without intervention." [...]​

Read more: https://techmonitor.ai/technology/cybersecurity/the-return-of-hacktivists

 

[kam]

The truth is Rob, and not many others, have ever dealt with this level of data breach. It is almost unprecedented in nature.

If Rob can't make a detailed statement about the breach because of legal reasons, he needs to say that. If he deleted the tweet because he was advised to, he needs to say that.

Otherwise, the silence is damning and looks like they are just trying to ignore it and move on like it was business as usual.

When you are deleting tweets, and providing no updates it doesn't look good.

Brad

In normal case, if only a little portion of data is leaked. The company can make a statement quickly and stated that what kinds of information is remain safe and told their customer don't have to worry about it.

However, when most of the data were stolen, the company can't go for this route and remain silent may be the best choice.

Because if the company made an statement regarding which data are remain safe. The hackers may choose to leak out such data to make the situation worse.

I think there are nothing they can do now except pray.

 

[Derek Peterson]

You guys want to slam Epik non-stop. And be holier-than-thou about your judgment. Why not support them? It's more fun to tear them apart once a gang mentality has taken hold though, obviously.

A pound of flesh is just the beginning for some of you here. And so many experts. My God those hackers would never stand a chance if the critics here were on Epik' side!

So, do you want to shut down Google too? Their Chrome browser is been hacked and is actually currently being deemed as dangerous to use. And the company that manages texts for AT&t Verizon and T-Mobile just reported that they were hacked 5 years ago and that text have been insecure ever since and they're just letting us know now.

But let's just jump all over Rob Monster shall we? Because these giant companies with unlimited funds can't even keep data safe but you expect Epik to be impenetrable.

Here's a clue for you all. Epik and us are victims of criminals. And I'm sick and tired of hearing about well he kept the door unlocked. It still takes a thief to barge in.

Anyway just wanted to put it out there to all you people thirsting for blood that maybe you can shift some of your bloodlust to Google and to this text company. They have a lot more resources to have kept our data safe. And they kept their breaches which are far more dangerous secret for years.

Pitchforks at the ready.....

Unleash the hounds!

You are free to start another thread related to the hack of google or any other company

You guys want to slam Epik non-stop. And be holier-than-thou about your judgment. Why not support them? It's more fun to tear them apart once a gang mentality has taken hold though, obviously.

A pound of flesh is just the beginning for some of you here. And so many experts. My God those hackers would never stand a chance if the critics here were on Epik' side!

So, do you want to shut down Google too? Their Chrome browser is been hacked and is actually currently being deemed as dangerous to use. And the company that manages texts for AT&t Verizon and T-Mobile just reported that they were hacked 5 years ago and that text have been insecure ever since and they're just letting us know now.

But let's just jump all over Rob Monster shall we? Because these giant companies with unlimited funds can't even keep data safe but you expect Epik to be impenetrable.

Here's a clue for you all. Epik and us are victims of criminals. And I'm sick and tired of hearing about well he kept the door unlocked. It still takes a thief to barge in.

Anyway just wanted to put it out there to all you people thirsting for blood that maybe you can shift some of your bloodlust to Google and to this text company. They have a lot more resources to have kept our data safe. And they kept their breaches which are far more dangerous secret for years.

Pitchforks at the ready.....

Unleash the hounds!

You are free to start another thread dedicated to the hack of google or any other company but since this is a website dedicated to the domain industry it probably won't be as popular.

Now, let me respond to this pitiful defense of the criminal actions of Rob Monster and Epik, which is the topic of this thread.
1) He has lied about products and services for years putting user privacy in danger and when exposed threatened and tried to silence those who revealed those things. Myself included.
2) He has helped cover up lolicon and porn networks and profited from it.
3) He has helped partner companies commit SEC fraud.
4) He has hired internet stalkers to dox and harass young women because he didn't like a wiki entry they made.
5) He has made no attempt to notify or protect users of the recent hacks except "cursing the data".