alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[jmcc]

they will just check what Epik itself submitted to relevant authorities (breach notices),

Just to clarify this in respect to ICANN correspondence, a breach notice is when ICANN informs a registrar or registry that it is in breach of its contract with ICANN. Epik or its lawyers have to file breach notices about the databreach with various state or national authorities. All these breaches and breach notices get a bit confusing after a while.

Regards...jmcc

 

[bmugford]

But there has been national coverage. We don't know if they are working with ICANN but that is most likely.

I can't help notice people keep bringing the same subject over and over. It's not like it's in epik's best interest to reveal what is happening. I would think law enforcement would tell them not to.

It was not in Epik's best interest for Rob to hold a disastrous 4 hour video call, but that happened.

It is also not in Epik's best interest for Rob to send multiple whiny, preachy emails to Paul complaining about NamePros, but that happened.

I am not giving Epik the benefit of the doubt, after seeing how they secured customer's data and after their initial actions of trying to downplay these events.

The fact they have deleted their initial breach notice to customers on Twitter makes it even worse.

Deleted Tweet -

https://web.archive.org/web/20210925231337/https://twitter.com/EpikDotCom/status/1439020408783654917

 

[marijuanadomain]

More indepth bad news about epik

https://www.kuow.org/stories/seattle-now-an-epic-hack-of-online-extremists

Good listening news

yeaaaaaaa

 

[Future Sensors]

they will just check what Epik itself submitted to relevant authorities (breach notices), calculate potential $$$ income for the law firm, and act accordingly.

I don't think it's that kind of company. Their track record is good.

https://chimicles.com/case-results-map/

 

[dirk]

It all depends on the lawyer(s) and their financial motivation imo. Will lawyers download all the torrents? What their next step would be? Are they aware what a torrent file is, or what to do with a disk image (2nd and 3rd leaks)? Not too likely. I'd guess that, from practical point of view, they will just check what Epik itself submitted to relevant authorities (breach notices), calculate potential $$$ income for the law firm, and act accordingly.

I haven't looked into the specific firm but I suppose if they have some tech experience it wouldn't be too hard. It's not rocket science once you've got pointers where to look. Any hobbyist can do it.

Going through everything if you don't know what you're looking for, yes. That's a lot of work and takes some advanced skills.

 

[Derek Peterson]

Thanks setting things in the clear.
Then I hope everyone will do what @Derek Peterson did.

I'm sure many thread readers would love to hear your perspective on the current situation.

Feds are mostly scumbags also, when no crimes exist they are always happy to create some, even when it involves human trafficking and porn. Best option is to make a video or document in some way and cut them off. When stripe watched my video on gab porn they cut off gab and with no payment processor gab had to shift grifts away from the porn and loli. Feds can't fund honeypot like that directly. Hard to stop low moral feds in their dumb operations but you can manipulate them into doing less harm.

Yeah, I agree most of these hacker types are feds. They might not think they are but if they working with the feds to entrap and expose then they are feds in my book. IMHO it is all meant to incite left vs right paradigm so they can control all. Look at the people they use, the demon hacker guy dresses up like the perfect evil villain for the right to point at and right has goofballs doing hitler salutes and "nazi" websites like gab, which was started by a Jew, Indian and a Turk or Parler, which is owned by a Jewish family but they are all some how "nazi" sites. It is all just created drama to manipulate people. Good people rise above the drama and fear porn and focus on helping other human beings.

 

[mr-x]

It was not in Epik's best interest for Rob to hold a disastrous 4 hour video call, but that happened.

We've all agreed it was a mistake, I'd call it disastrous. Certainly no reason to repeat that mistake.

It is also not in Epik's best interest for Rob to send multiple whiny, preachy emails to Paul complaining about NamePros, but that happened.

I imagine he is under a lot of stress. Rob is an eccentric personality during the best of times. He has no business doing P.R. or talking about what is happening.

I am not giving Epik the benefit of the doubt, after seeing how they secured customer's data and after their initial actions of trying to downplay these events.

I'm not suggesting you give them the benefit of doubt. Just be realistic about what they can / can't say. I wish Rob would hire an experience spokes person but I don't expect that would satisfy his critics.

The fact they have deleted their initial breach notice to customers on Twitter makes it even worse.

Brad

OK.

 

[bmugford]

We've all agreed it was a mistake, I'd call it disastrous. Certainly no reason to repeat that mistake.

I imagine he is under a lot of stress. Rob is an eccentric personality during the best of times. He has no business doing P.R. or talking about what is happening.

I'm not suggesting you give them the benefit of doubt. Just be realistic about what they can / can't say. I wish Rob would hire an experience spokes person but I don't expect that would satisfy his critics.

OK.

The truth is Rob, and not many others, have ever dealt with this level of data breach. It is almost unprecedented in nature.

If Rob can't make a detailed statement about the breach because of legal reasons, he needs to say that. If he deleted the tweet because he was advised to, he needs to say that.

Otherwise, the silence is damning and looks like they are just trying to ignore it and move on like it was business as usual.

When you are deleting tweets, and providing no updates it doesn't look good.

Brad

 

[mr-x]

The truth is Rob, and not many others, have ever dealt with this level of data breach. It is almost unprecedented in nature.

If Rob can't make a detailed statement about the breach because of legal reasons, he needs to say that. If he deleted the tweet because he was advised to, he needs to say that.

You're right, we don't even know if epik deleted the tweet. I suspect they didn't because there is no upside to deleting it. If they admit that, things would look even worse. Just speculation.

Otherwise, the silence is damning and looks like they are just trying to ignore it and move on like it was business as usual.

When you are deleting tweets, and providing no updates it doesn't look good.

Brad

 

[Derek Peterson]

You're right, we don't even know if epik deleted the tweet. I suspect they didn't because there is no upside to deleting it. If they admit that, things would look even worse. Just speculation.

What are you talking about? Of course Epik deleted the Tweet. If the hackers hacked Epic's twitter account I'm sure they would have done something more entertaining than just delete the notification tweet.

 

[bmugford]

You're right, we don't even know if epik deleted the tweet. I suspect they didn't because there is no upside to deleting it. If they admit that, things would look even worse. Just speculation.

I am pretty sure they deleted the tweet. Why is the major question to me.

Brad

 

[Evil.dll]

Attorneys want to make great money so if they have no understanding of a case or what is true or not true they will not waste their time. Some rando anon on a fourm saying they got EVERYTHING is not going to get them to motivated to make great money. A nice document with examples and PROOF will.

I am not getting paid to give you any insight, nor am I a customer of Epik. The reason you spent an hour on the phone with attorneys is because without proof of what you, a rando, on some forum, is throwing out all of your “research” without any substantive proof. If I had any further information, I would not make it available to you or anyone else who does not understand what they are looking at. I am certainly under no obligation to provide attorneys you seek consideration from, any opportunity to enrich yourself. What I am saying is you are pleading for someone to help you understand this hack, I am saying there are qualified professionals on here that have given you free advice, ones that have seen the data, something you have not. I may play a rando on this forum, but that does not mean I am not telling you the truth. You just choose to see it through your own perception which may or may not be correct. I guess the best explanation I can provide you with, Sport, is that it appears the “Data is Cursed”

 

[Derek Peterson]

I am not getting paid to give you any insight, nor am I a customer of Epik. The reason you spent an hour on the phone with attorneys is because without proof of what you, a rando, on some forum, is throwing out all of your “research” without any substantive proof. If I had any further information, I would not make it available to you or anyone else who does not understand what they are looking at. I am certainly under no obligation to provide attorneys you seek consideration from, any opportunity to enrich yourself. What I am saying is you are pleading for someone to help you understand this hack, I am saying there are qualified professionals on here that have given you free advice, ones that have seen the data, something you have not. I may play a rando on this forum, but that does not mean I am not telling you the truth. You just choose to see it through your own perception which may or may not be correct. I guess the best explanation I can provide you with, Sport, is that it appears the “Data is Cursed”

LOL. The Monster curse will be a great meme that will live long after the data issues related to the hack.

 

[mr-x]

What are you talking about? Of course Epik deleted the Tweet. If the hackers hacked Epic's twitter account I'm sure they would have done something more entertaining than just delete the notification tweet.

Thanks, as I said it was must my opinion. You don't have to like it.

 

[mr-x]

LOL. The Monster curse will be a great meme that will live long after the data issues related to the hack.

Good to see you're not emotional invested in the current events.

 

[Derek Peterson]

Good to see you're not emotional invested in the current events.

Of course I have emotions for the users who have been left in the dark but I have about none for Rob Monster or Epik. They've never cared about user privacy or security, which is proven by their previous false claims regarding VPN and DDoS going back years. That is the very attitude that created a culture where something like this hack to occur. Epic and Rob never cared about users, and obviously still don't.

Now you, on the other hand seem very much emotionally invested in Rob, or perhaps economically. When was the last time you communicated with the Monster?

 

[mr-x]

Of course I have emotions for the users who have been left in the dark but I have about none for Rob Monster or Epik. They've never cared about user privacy or security, which is proven by their previous false claims regarding VPN and DDoS going back years. That is the very attitude that created a culture where something like this hack to occur. Epic and Rob never cared about users, and obviously still don't.

Now you, on the other hand seem very much emotionally invested in Rob, or perhaps economically. When was the last time you communicated with the Monster?

I chatted by email with Rob about his services a few years ago, I've never spoken to him in person. I don't know him, haven't contacted any of his employees.

I'm a #1A advocate. I don't care for criminal organizations, I'm not as smart or patient as you are.

 

[Paul]

PSA: If you were required to reset your password on NamePros, we'd appreciate if you provided feedback. We've never had a mandatory password reset affect this many members; we'd like to ensure we use this opportunity to improve the process for future incidents. The feedback thread is public: do not post anything sensitive.

 

[Derek Peterson]

I chatted by email with Rob about his services a few years ago, I've never spoken to him in person. I don't know him, haven't contacted any of his employees.

I'm a #1A advocate. I don't care for criminal organizations, I'm not as smart or patient as you are.

That's great! I'm also a strong advocate for the 1A but here is the thing you need to come to grips with, Rob has been making false claims about his products and services for years and threatening people with lawsuits or worse if they expose those false claims. He has hired investigators to dox and harass people who didn't do what he wanted. He has helped cover up lolicon and porn networks. He has helped partners commit SEC fraud. Rob Monster and Epik are also a criminal organization.

 

[Beezy]

I chatted by email with Rob about his services a few years ago, I've never spoken to him in person. I don't know him, haven't contacted any of his employees.

I'm a #1A advocate. I don't care for criminal organizations, I'm not as smart or patient as you are.

Speaking of criminal organizations, where was Rob Monster sending his customer's data logs?