alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Kirtaner]

People are telling me this thread isn't about trolls and you are quoting me a nazi troll named Weev and another longtime old anti-semitic troll "Kirtaner".

That's for Twitter, not Namepros. There is no justification for using this thread to make registrars content policers (which the large ones already aren't).

Don't insinuate such things of me ever again.

Rob Monster's continued responses to this event are disappointing.

 

[jmcc]

There has been a "rigidly defined areas of uncertainty and doubt" thread created. Can people please leave this thread for for the discussion of the Epik databreach and its effects?

Regards...jmcc

 

[Bravo Mod Team]

I posted this with the permission of Bravo

they have been reviewed by the bravo team mod and approved

Responsible disclosure is permitted and shared expertise is an appreciated contribution to the community, but you’re giving us a little too much credit:

We haven't had time to review posts unless they are reported, moderated due to automated mechanisms, skimmed while spot checking, or they @mention us (these are hit-or-miss).

Of the posts we’ve seen by you, they’ve mostly been on topic and contributory.

Thanks for sharing your technical expertise.

 

[Future Sensors]

There is something fascinating to see among Epik customers right now. There is one very loyal group that has gained more confidence in the company as a result of the incident. This group is now actively encouraging other people to bring more domains to Epik, while there is no guarantee that the security problems have been resolved (keyword again: APT).

Then you have a group of highly concerned, previously extremely loyal, customers who ask the company for answers that they never get.

 

[Bravo Mod Team]

We haven't had time to review posts

A good example is all of the posts that came in while typing our previous message. A different mod team can handle those; this mod team is tired and calling it a day.

 

[Evil.dll]

The bottom line is as many credible sources other than myself have pointed out is that the nature of the information that was leaked in this breach is massive. And with persistence and privilege escalation the breach has gotten worse. A failure to disclose to customers the nature of the data that was leaked would be an admission of culpability, so you will likely not hear a lot if anything relevant to that from any entity. However as consumers, you have a right to understand how companies use and store your data. Customers in certain geographical areas have stricter laws on consumer privacy. It has been publicly disclosed that there was a data leak by numerous credible sources, the nature of how the information was stored was not in compliance with best practices and certainly not within the standards of PCI DSS standards. In my opinion you should exercise your right to know how your information is being used.

 

[jmcc]

The bottom line is as many credible sources other than myself have pointed out is that the nature of the information that was leaked in this breach is massive. And with persistence and privilege escalation the breach has gotten worse.

There seems to be a rather curious aspect to the maximum file dates on the releases and some were from 2020. (I'm going on what I've read on Twitter and other commentary rather than the data as I didn't download any of it.) The later releases seem to have older maximum dates than the first leaked data. That may be an indication of escalation or, perhaps, an indication of an earlier compromise date for some servers. It may also be an indication of data from backups being used to increase access.

The main problem with the analysis is that while people reviewing the leaked data may understand various software vulnerabilities, they may not be familiar with registrar and domain name operations and that means that there is a steep learning curve.

Regards...jmcc

 

[shoulda9393]

Don't insinuate such things of me ever again.
Rob Monster's continued responses to this event are disappointing.

Ok well because the people you work(ed?) with on Twitter claim, in public, your origin is the same irony-bro racist milieu of the cultures you are now (rightly) working to destroy. I was just going with it their empirical citations, including archived tweets, that you haven't fully "changed". But given I'm not into cancel culture, I'll take your word that you've been misunderstood or that such posts were just racist jokes and not seriously racist jokes.

But for what's actually important:

If you were involved in the registrar hack, you have no moral high ground here given the hack was an illegal action against thousands of non-politiical people. You claim to be the head and/or founder of "Anonymous". "Anonymous" took responsibility for the leak of Epik customer data.

What is the preoccupation with Epik, when Epik already booted off the worst sites years ago? The last time I heard your name was about your (admirable) hatred of the Q movement, who are largely not on Epik, but at Vanwatech.

Is the thought that websites wouldn't have a home without Epik? Because that's not true, the rogue sites already moved elsewhere. Is the thought that you are "punishing online Nazis that you wish you could have stopped x years ago", then why celebrate on Twitter a leak that wasn't targeted, but rather everyone who used the service, including thousands of non-political people...

This thread is about illegal actions on the part of Anonymous against domain owners. As you haven't straight up admitted to being directly involved in the hack, no one can claim you did it. All that's known so far is news outlets as of late have directly attributed you to being a capital A "Anonymous hacker". And your public statements celebrate a possible demise of Epik.

Also, what is Rob supposed to do? If he shuts down, then the sites you claim to hate, but have shared similar sentiment with many years ago, would then be moved by ICANN to a new registrar. If a site doesn't trust where ICANN would move the domain to, they would just move to registrars that are foreign or that you have no emotional control over.

 

[Derek Peterson]

Ok well because the people you work(ed?) with on Twitter claim, in public, your origin is the same irony-bro racist milieu of the cultures you are now (rightly) working to destroy. I was just going with it their empirical citations, including archived tweets, that you haven't fully "changed". But given I'm not into cancel culture, I'll take your word that you've been misunderstood or that such posts were just racist jokes and not seriously racist jokes.

But for what's actually important:

If you were involved in the registrar hack, you have no moral high ground here given the hack was an illegal action against thousands of non-politiical people. You claim to be the head and/or founder of "Anonymous". "Anonymous" took responsibility for the leak of Epik customer data.

What is the preoccupation with Epik, when Epik already booted off the worst sites years ago? The last time I heard your name was about your (admirable) hatred of the Q movement, who are largely not on Epik, but at Vanwatech.

Is the thought that websites wouldn't have a home without Epik? Because that's not true, the rogue sites already moved elsewhere. Is the thought that you are "punishing online Nazis that you wish you could have stopped x years ago", then why celebrate on Twitter a leak that wasn't targeted, but rather everyone who used the service, including thousands of non-political people...

This thread is about illegal actions on the part of Anonymous against domain owners. As you haven't straight up admitted to being directly involved in the hack, no one can claim you did it. All that's known so far is news outlets as of late have directly attributed you to being a capital A "Anonymous hacker". And your public statements celebrate a possible demise of Epik.

Also, what is Rob supposed to do? If he shuts down, then the sites you claim to hate, but have shared similar sentiment with many years ago, would then be moved by ICANN to a new registrar. If a site doesn't trust where ICANN would move the domain to, they would just move to registrars that are foreign or that you have no emotional control over.

False. This thread is about the illegal and fraudulent actions of Rob Monster and Epik. Everyone knows that hacking is illegal so there is really nothing to discuss in that dept. Maybe you should back and read 100 pages and get caught up on Monster's actions.

 

[shoulda9393]

False. This thread is about the illegal and fraudulent actions of Rob Monster and Epik. Everyone knows that hacking is illegal so there is really nothing to discuss in that dept. Maybe you should back and read 100 pages and get caught up on Monster's actions.

Umm no, this thread is about the illegal breach of Epik. Who did the breach? Anonymous. Who claims to be the founder of anonymous? Aubrey. Was he directly involved in the hack? I don't know, he should tell us.

 

[Molly White]

Umm no, this thread is about the illegal breach of Epik. Who did the breach? Anonymous. Who claims to be the founder of anonymous? Aubrey. Was he directly involved in the hack? I don't know, he should tell us.

Mr. Peterson's suggestion that you read back through the thread is a good one. Kirtaner has already answered this.

 

[shoulda9393]

Mr. Peterson's suggestion that you read back through the thread is a good one. Kirtaner has already answered this.

I'd like to hear him talk about any role or lack thereof in the hack as much as possible actually. The more the better. Helps a lot when he does.

He seems to like talking about himself and his activities.

 

[Future Sensors]

Umm no, this thread is about the illegal breach of Epik. Who did the breach? Anonymous. Who claims to be the founder of anonymous? Aubrey. Was he directly involved in the hack? I don't know, he should tell us.

This guy is a hacker.

https://hucksters.net/person/joseph-camp

From that page, and as reported in the Washington post:

"Melissa Lewis, a self-described anti-fascist activist and writer in Portland, Ore., said her family spent months feeling “hunted” by far-right troll and convicted hacker Joseph “Joey” Camp, whose name was listed on domain registrations with Epik and who has claimed publicly to have done freelance work for Monster."​

 

[shoulda9393]

This guy is a hacker.

I don't like Joey Camp, but unfortunately, this thread is about the Epik breach by a crime syndicate Aubrey claims to be the founder of. Cute that a Wikipedia admin defends him in public though while also editing on the topic. Might be worth noting to Wikipedia.

 

[Molly White]

Cute that a Wikipedia admin defends him in public though while also editing on the topic. Might be worth noting to Wikipedia.

Not sure how telling you that the question was asked and answered is "defending him in public", but sure, go for it.

 

[shoulda9393]

Not sure how telling you that the question was asked and answered is "defending him in public", but sure, go for it.

You have been defending him in public, and he has been retweeting you, positively, on related matters.

 

[Future Sensors]

You have been defending him in public, and he has been retweeting you, positively, on related matters.

As much as I understand your reasoning, in practice it is much more complicated as an outsider to point out who is responsible. You can't hold someone accountable on the basis of a retweet. The authorities will research this much more thoroughly.

As for Molly, I've seen her document the breach very extensively and neutrally, with citations and sources included. She does not take a position on this. In the meantime she has to deal with personal attacks that come from Epik. I wouldn't be surprised if Molly's good work and transcripts can be of service to law enforcement. But as mentioned before, the chance of actual prosecution in these cases is generally small.

 

[shoulda9393]

As much as I understand your reasoning, in practice it is much more complicated as an outsider to point out who is responsible. You can't hold someone accountable on the basis of a retweet. The authorities will research this much more thorough.

As for Molly, I've seen her document the breach very extensively and neutrally, with citations and sources included. She does not take a position on this. In the meantime she has to deal with personal attacks that come from Epik. I wouldn't be surprised if Molly's good work and transcripts can be of service to law enforcement. But as mentioned before, the chance of actual prosecution in these cases is generally small.

Most of her commentary on Twitter is taunting and making fun of Rob. So yea she has a position. But this whole Joey/Molly seems like a (perhaps accidental) smokescreen for whoever might actually know who the hackers were. I would assume someone claiming to be the founder of a crime syndicate taking credit for the hack might know, but maybe he doesn't.

If he did know, he would say he doesn't know. But if he keeps talking with the purpose of drawing attention to himself, within a few years he might accidentally reveal something about his knowledge of the event. This of course is all assuming Anonymous doesn't fall into drama out each other out, which has happened in Anonymous before.

 

[Future Sensors]

Most of her commentary on Twitter is taunting and making fun of Rob. So yea she has a position. But this whole Joey/Molly seems like a (perhaps accidental) smokescreen for whoever might actually know who the hackers were. I would assume someone claiming to be the founder of a crime syndicate taking credit for the hack might know, but maybe he doesn't.

If he did know, he would say he doesn't know. But if he keeps talking with the purpose of drawing attention to himself, within a few years he might accidentally reveal something about his knowledge of the event.

Very interesting, but as long as you don't come up with harder evidence, this won't get you anywhere.

 

[shoulda9393]

Very interesting, but as long as you don't come up with harder evidence, this won't get you anywhere.

I don't think she had anything to do with the literal act of the hack itself. That's some weird gaslighting thing people keep doing to move the goalposts from Aubrey's Anonymous connections to Molly. It's just dumb having potential cheerleaders for founders of crime syndicates in here.

 

[Future Sensors]

I don't think she had anything to do with the hack. That's some weird gaslighting thing people keep doing to move the goalposts from Aubrey from Molly. It's just dumb having potential cheerleaders for founders of crime syndicates in here.

I'd like to hear some more concrete things from you than this. I can also come up with a thousand theories, but that doesn't help us much.

 

[shoulda9393]

I'd like to hear some more concrete things from you than this. I can also come up with a thousand theories, but that doesn't help us much.

Until Anonymous rats each other out like they always do, all that can be done is sit back and watch I guess. Probably will occur on Twitter through accounts claiming to be in or formerly in Anonymous.

 

[Future Sensors]

Until Anonymous rats each other out like they always do, all that can be done is sit back and watch I guess. Probably will occur on Twitter and it won't involve Molly, but rather the members of Anonymous.

Thank you for defending Molly. Appreciate it.

 

[shoulda9393]

Thank you for defending Molly. Appreciate it.

You really need to go to a thread you have relevance to. This thread should only be for those effected by the hack as customers or potential buyers.

 

[Molly White]

You really need to go to a thread you have relevance to. This thread should only be for those effected by the hack as customers or potential buyers.

Is that you? When you joined NamePros and this thread a day ago, you said you were an "uninvolved outlooker".