
Epik Had A Major Breach


Silentptnr

Just found out that Epik has 37 staff members here at NamePros.
Why on earth is a small company like Epik allowed to have 37 staff members here, and for what? So they can help Rob spam the forum.
I bet he pays little or nothing to these people working for him.
Everything he did as a CEO of a company is wrong.
He keeps spamming that his company is the best on earth with all the latest technologies, and when the hacking happened he has been hiding like a rat in a kitchen, when we found out that he stored customer data in plain text.
He complained about people needing to have an "open discussion" from the other dead forum, and when I posted the information here he deleted the thread. This guy CANNOT BE TRUSTED.
What I don't understand is that there are still some people who think Rob is a good guy and PROMISED to stay with Epik and not move the names out. Why?
I saw many sale listings here with Epik and not too much interest in these names.

In other words: "I know the house is on fire but I love the house so I will come back to the house regardless of whether the house will be fixed or not"
 

That sounds like they are about to sell Epik off which would not surprise me. How else does faith/religion get separated from a registrar run by Rob? I heard rumors they were looking to sell earlier this year.
 
Just found out that Epik has 37 staff members here at NamePros.

I knew they had a lot, but I never knew they had that amount of representatives.

I remember when they got 'NamePros registrar of the year', a few members wondered how many of those who voted for Epik were Epik staff members.
 
I knew they had a lot, but I never knew they had that amount of representatives.

I remember when they got 'NamePros registrar of the year', a few members wondered how many of those who voted for Epik were Epik staff members.

That entire poll was nonsense IMO.

Epik and staff were basically using self-promotional marketing and lobbying for votes.

On top of that their margin over Dynadot was well under the amount of Epik staff badges on NamePros, which is a disproportionately high number for a small company.

Then after winning they flogged it in their marketing materials as if it was some monumental achievement and a full endorsement from NamePros and the entire domain community.

When the same poll was run at the end of the year, Epik did not win, and had far fewer votes.

Brad
 
That entire poll was nonsense IMO.

Epik and staff were basically using self-promotional marketing and lobbying for votes.

That’s why I said maybe NamePros should review how it gives ‘registrar of the year’ awards in the future.

Then after winning they flogged it in their marketing materials as if it was some monumental achievement and a full endorsement from NamePros and the entire domain community.

The whole 'endorsement' is what I meant by: when you stick your name on an award (NamePros), it is like you are 'endorsing' it as the best registrar, and when you look at what’s happened, with many forum members being caught up in this mess, I do wonder how many signed up to Epik as a result of this award.
 
Source: https://texasgop.org/data-breach/

I take some of my words back. There was only one issue that wasn't paid for; they say that's a staging server, so I think I will agree that it wouldn't be impactful.

Epik did pay a few bounties to me, like a $400 bounty in April this year as in-store credit, and they fixed the issue. As I always said, @Rob Monster is a good person, he is responsive and I have nothing against him; he did respond to me personally at times when support didn't. I do know he is going through a hard time, but I think they should work on resolving the security issues to prevent any breach in the future. I continue to be on good terms with them as of now. I like their stance on anti-censorship and anonymity.

Breaches do happen, it's hard to make software 100% fault-tolerant. You can never make a 100% secure system. Being in this industry, I know so many people who never reported critical incidents/breaches that happened and never kept logs, it's far too common.

My advice to Rob would be to get a good CISO, to assist him in making policies on the information security side. Probably they need massive improvements to their security and I heard much of it is underway. I am ready to give them another chance and I hope they will be back stronger.
 
Another victim of criminal, cyber terrorist.

This was already mentioned in the press and on Twitter. What we are now starting to see are these formal notifications and investigations by Epik customers that were part of the same breach.
 
This was already mentioned in the press and on Twitter. What we are now starting to see are these formal notifications and investigations by Epik customers that were part of the same breach.

Thanks.
 

This was already mentioned in the press and on Twitter. What we are now starting to see are these formal notifications and investigations by Epik customers that were part of the same breach.

TexasGOP.org appears to be on shared hosting. As such, they would not have any control over server-side security. They would still be at the mercy of Epik as long as they host there. This also shows that the hack is not limited to E's registrar service.
 
Active attempts to login to my account by hackers...

Unbelievable,
And I told @Rob Monster that his site was vulnerable months ago!

Tried using chat to tell them while it was happening and Raj had NO CLUE HOW TO HELP.

I'll find the conversation and post here later.
 
Whoever hacked your 💩 platform is now running bots with "our stolen" emails and passwords.


I TOLD YOU SO @Rob Monster
 
Got the same messages. Will changing the password help?
 
Got the same messages. Will changing the password help?

It is always a good idea to change passwords. Whether it would help in the case of E depends on any announcement and assurance that the security holes have been fixed. Otherwise, hackers may still have access. But if you used the same email/password combo on any other service, you should definitely change those asap.
 
Some people still did not get it and want to give Rob a second chance.
It's not simple like pricing mistakes or transferring names, but he is stubborn with the security and MESSED UP the lives of his customers - at least thousands of people.
This is not a mistake but stupidity on his part. And if he is a good guy, then where the hell has he been hiding for the last several weeks?

Wake up people.
Several Civil lawsuits may come soon!
 
And if he is a good guy, then where the hell has he been hiding for the last several weeks?

It would certainly be advisable to move out your assets (domains, websites) until a high level of certainty is given from RM/E that the security problems have been fixed. And even then, proceed with caution. It is hard to understand why no updates are given by E with the exception of a PR spin. If we knew the full scope of the situation perhaps it wouldn't be so hard to understand. Unfortunately, we are left with speculation. But the signs are all there.
 
It would certainly be advisable to move out your assets (domains, websites) until a high level of certainty is given from RM/E that the security problems have been fixed. And even then, proceed with caution. It is hard to understand why no updates are given by E with the exception of a PR spin. If we knew the full scope of the situation perhaps it wouldn't be so hard to understand. Unfortunately, we are left with speculation. But the signs are all there.

Problem is Rob doesn't want you to move your domains.
 
What would be the damage? Are your domains safe? Now your info (name, address, list of your domains) may have been stolen. Even your pw may have been stolen. What now, will you lose your domains? First, change your pw. The hacker can still have access to your pw and log in to your account from his device (and you can probably check if this happened).

But can your domains be stolen? There are two ways to transfer: one with authcode, and another with push. Authcode is not displayed anymore (?: not shown to us at least), and emailed to admin contact. So unless your admin email was also stolen, your domain can't be moved to another registrar*. What else can happen: theft via PUSH, or SALES via Epik's own marketplace. Epik must do something about it, and I bet they did. ... So, the important thing is making sure your admin contact email is safe. *Can admin contact be modified from Epik? If so, this would be a big risk.
Nameserver changes should also require verification (if new ones are used, at least).
Another thing: the hacker can sell his own domains to you using Epik marketplace (but this would be very noticeable, and probably would not happen).

Other stuff: hosting, certs etc. are more complicated, and I can't say anything about it.
Can such data be used against you in UDRP? Yes, but I think this would count as an illegal use.
Finance: use a low-limit card, and monitor it frequently. How about cards used in the past?
You can consider moving all your domains elsewhere, but this can mean an enormous renewal/transfer cost in a short period of time.
 
Active attempts to login to my account by hackers...

Unbelievable,
And I told @Rob Monster that his site was vulnerable months ago!

Tried using chat to tell them while it was happening and Raj had NO CLUE HOW TO HELP.

I'll find the conversation and post here later.

A message to Epik, as its source code has now been made public and is under public investigation. Check your 2FA / PIN code generation procedure, and that it has not been tampered with. Make sure that it has the greatest possible degree of randomness. And rebuild everything.

https://resources.infosecinstitute....ques-for-attacking-two-factor-authentication/
 
@SirDrago You are now in effect being DoS'ed with PINs. I do not rule out that customers will turn off this method for that reason.
 
I noticed on the other domain forum that the "struggle session" thread posted by Rob, that was supposed to be an "open dialogue", is no longer publicly viewable.

Currently it shows the following -

"You must be logged-in to do that."

I wonder why.

Brad

It now looks like the "Struggle Session" thread Rob posted on the other website has been fully deleted.

It shows -

Oops! We ran into some problems.
The requested thread could not be found.

The memory holing is not going to work.

#memoryhole

Brad
 
Epik Fail was in Rolling Stone today.

It will not be the only time.

Media saturation will continue indefinitely, there is no stopping it.
 