alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Kirtaner]

I personally suggest looking up the 2011 hack of HB Gary, and just how badly they were ruined, for an idea as to the scope of the situation here. Comparisons are being made left and right to that incident. The more they try to cover this up and stay silent, the worse it will be for them.

 

[mr-x]

Speaking of criminal organizations, where was Rob Monster sending his customer's data logs?

It that a rhetorical question, to justify the felony breach of a computer network?

 

[Beezy]

It that a rhetorical question, to justify the felony breach of a computer network?

No. I can't believe this goon is still here playing games.

 

[mr-x]

No. I can't believe this goon is still here playing games.

I'm not sure what you mean.

 

[Beezy]

I'm not sure what you mean.

There was data being sent to Russia. To / for whom?

WTF is that too complicated of a question.

 

[mr-x]

There was data being sent to Russia. To / for whom?

WTF is that too complicated of a question.

I'm not here to justify epik's business practices. I don't know why logs were sent to RU. I've heard accusations and justifications but I don't really care. It will come out in the end.

 

[eternaldomains]

Care to explain @Rob Monster?

Why was the tweet informing customers deleted?
Why no information on the 2nd or 3rd leak?

Well, since the tweet contained an unmasked full email address, perhaps security @ E got spammed to death?

I tried some things (don't ask how, my method may feel a bit "hacky/unethical") and it seems that security @ E is no longer an active address. Has anyone here tried to send an email there lately?

I don't use Twit, so is it possible to edit a tweet without deleting the whole thing?

PSA: If you were required to reset your password on NamePros, we'd appreciate if you provided feedback. We've never had a mandatory password reset affect this many members; we'd like to ensure we use this opportunity to improve the process for future incidents. The feedback thread is public: do not post anything sensitive.

So it seems my initial suspicions on anti-domainer attacks still stands....... can't they just let people make a living?




On another note, I've finished up my Masterbucks totaling mid-high-XXX without any problems, and the amounts sent are slightly higher on subsequent withdrawals, also probably due to the market movements. So I thank E for at least fulfilling their duty and not taking members' money.

But I still have in-store credits forever stuck there. Was hoping E would be kind enough to let me reconvert back to MBucks (originally was from MBucks, turned into credits from tasting domains), but that was sadly not allowed. If anyone E-xiting still has credits, you better spend them all as a precaution. Reg or renew, just don't transfer obviously. Safer to have assets in domain than credits in case E gets sued to death. ICANN can only save names, not money.

 

[mr-x]

@Beezy I think the lawyers will be worse than the hackers. They have the ability to subpoena records and testimony.

 

[internext]

You guys want to slam Epik non-stop. And be holier-than-thou about your judgment. Why not support them? It's more fun to tear them apart once a gang mentality has taken hold though, obviously.

A pound of flesh is just the beginning for some of you here. And so many experts. My God those hackers would never stand a chance if the critics here were on Epik' side!

So, do you want to shut down Google too? Their Chrome browser is been hacked and is actually currently being deemed as dangerous to use. And the company that manages texts for AT&t Verizon and T-Mobile just reported that they were hacked 5 years ago and that text have been insecure ever since and they're just letting us know now.

But let's just jump all over Rob Monster shall we? Because these giant companies with unlimited funds can't even keep data safe but you expect Epik to be impenetrable.

Here's a clue for you all. Epik and us are victims of criminals. And I'm sick and tired of hearing about well he kept the door unlocked. It still takes a thief to barge in.

Anyway just wanted to put it out there to all you people thirsting for blood that maybe you can shift some of your bloodlust to Google and to this text company. They have a lot more resources to have kept our data safe. And they kept their breaches which are far more dangerous secret for years.

Pitchforks at the ready.....

Unleash the hounds!

 

[Jona4s]

If you are sincerely concerned about Epik users

I do care about the users, that's why I took the time to analyse half a terabyte of data

But what good does it have when you can't post anything material here.

When it comes to cybersecurity, there should be no restriction, double speech, half-truths or sugar-coating. You should always be completely honest in what's out there on the wild.

 

[Jurgen Wolf]

Chromium on Linux is sandboxed by default.
So it was hacked or not - doesn't matter.

You can't sandbox Epik and be safe.

 

[johnn]

You guys want to slam Epik non-stop. And be holier-than-thou about your judgment. Why not support them? It's more fun to tear them apart once a gang mentality has taken hold though, obviously.

A pound of flesh is just the beginning for some of you here. And so many experts. My God those hackers would never stand a chance if the critics here were on Epik' side!

So, do you want to shut down Google too? Their Chrome browser is been hacked and is actually currently being deemed as dangerous to use. And the company that manages texts for AT&t Verizon and T-Mobile just reported that they were hacked 5 years ago and that text have been insecure ever since and they're just letting us know now.

But let's just jump all over Rob Monster shall we? Because these giant companies with unlimited funds can't even keep data safe but you expect Epik to be impenetrable.

Here's a clue for you all. Epik and us are victims of criminals. And I'm sick and tired of hearing about well he kept the door unlocked. It still takes a thief to barge in.

Anyway just wanted to put it out there to all you people thirsting for blood that maybe you can shift some of your bloodlust to Google and to this text company. They have a lot more resources to have kept our data safe. And they kept their breaches which are far more dangerous secret for years.

Pitchforks at the ready.....

Unleash the hounds!

How do you support them when they don’t care about customer data and store them in plain text?

 

[Future Sensors]

The return of the hacktivists

"Epik was the ‘Swiss Bank’ of domain registration services, according to its founder Rob Monster. Privacy was an organising principle, he said. Unlike other domain providers, Epik would afford its users a safe haven to freely express themselves on the websites they registered with the company without intervention." [...]​

Read more: https://techmonitor.ai/technology/cybersecurity/the-return-of-hacktivists

 

[kam]

The truth is Rob, and not many others, have ever dealt with this level of data breach. It is almost unprecedented in nature.

If Rob can't make a detailed statement about the breach because of legal reasons, he needs to say that. If he deleted the tweet because he was advised to, he needs to say that.

Otherwise, the silence is damning and looks like they are just trying to ignore it and move on like it was business as usual.

When you are deleting tweets, and providing no updates it doesn't look good.

Brad

In normal case, if only a little portion of data is leaked. The company can make a statement quickly and stated that what kinds of information is remain safe and told their customer don't have to worry about it.

However, when most of the data were stolen, the company can't go for this route and remain silent may be the best choice.

Because if the company made an statement regarding which data are remain safe. The hackers may choose to leak out such data to make the situation worse.

I think there are nothing they can do now except pray.

 

[Derek Peterson]

You guys want to slam Epik non-stop. And be holier-than-thou about your judgment. Why not support them? It's more fun to tear them apart once a gang mentality has taken hold though, obviously.

A pound of flesh is just the beginning for some of you here. And so many experts. My God those hackers would never stand a chance if the critics here were on Epik' side!

So, do you want to shut down Google too? Their Chrome browser is been hacked and is actually currently being deemed as dangerous to use. And the company that manages texts for AT&t Verizon and T-Mobile just reported that they were hacked 5 years ago and that text have been insecure ever since and they're just letting us know now.

But let's just jump all over Rob Monster shall we? Because these giant companies with unlimited funds can't even keep data safe but you expect Epik to be impenetrable.

Here's a clue for you all. Epik and us are victims of criminals. And I'm sick and tired of hearing about well he kept the door unlocked. It still takes a thief to barge in.

Anyway just wanted to put it out there to all you people thirsting for blood that maybe you can shift some of your bloodlust to Google and to this text company. They have a lot more resources to have kept our data safe. And they kept their breaches which are far more dangerous secret for years.

Pitchforks at the ready.....

Unleash the hounds!

You are free to start another thread related to the hack of google or any other company

You guys want to slam Epik non-stop. And be holier-than-thou about your judgment. Why not support them? It's more fun to tear them apart once a gang mentality has taken hold though, obviously.

A pound of flesh is just the beginning for some of you here. And so many experts. My God those hackers would never stand a chance if the critics here were on Epik' side!

So, do you want to shut down Google too? Their Chrome browser is been hacked and is actually currently being deemed as dangerous to use. And the company that manages texts for AT&t Verizon and T-Mobile just reported that they were hacked 5 years ago and that text have been insecure ever since and they're just letting us know now.

But let's just jump all over Rob Monster shall we? Because these giant companies with unlimited funds can't even keep data safe but you expect Epik to be impenetrable.

Here's a clue for you all. Epik and us are victims of criminals. And I'm sick and tired of hearing about well he kept the door unlocked. It still takes a thief to barge in.

Anyway just wanted to put it out there to all you people thirsting for blood that maybe you can shift some of your bloodlust to Google and to this text company. They have a lot more resources to have kept our data safe. And they kept their breaches which are far more dangerous secret for years.

Pitchforks at the ready.....

Unleash the hounds!

You are free to start another thread dedicated to the hack of google or any other company but since this is a website dedicated to the domain industry it probably won't be as popular.

Now, let me respond to this pitiful defense of the criminal actions of Rob Monster and Epik, which is the topic of this thread.
1) He has lied about products and services for years putting user privacy in danger and when exposed threatened and tried to silence those who revealed those things. Myself included.
2) He has helped cover up lolicon and porn networks and profited from it.
3) He has helped partner companies commit SEC fraud.
4) He has hired internet stalkers to dox and harass young women because he didn't like a wiki entry they made.
5) He has made no attempt to notify or protect users of the recent hacks except "cursing the data".

 

[Derek Peterson]

I do care about the users, that's why I took the time to analyse half a terabyte of data

But what good does it have when you can't post anything material here.

When it comes to cybersecurity, there should be no restriction, double speech, half-truths or sugar-coating. You should always be completely honest in what's out there on the wild.

Yeah, I don't know the situation there but maybe post somewhere else and link to it here?

 

[Lox]

PDF Attached

 

[Derek Peterson]

PDF Attached

Show attachment 201335

Terrible infographic, they didn't even mention cursing data!

 

[bmugford]

I think there are nothing they can do now except pray.

I think they already tried that. It didn't seem to end well.

In lieu of that, maybe they can actually do something useful like hire some experts in the field that can actually design a system that is not based on "shitty code" and employs acceptable security measures.

Brad

 

[frank-germany]

I had moved all away .. ago when I realized that Rob Monster didn't care about user privacy .... but I do not trust or respect Rob Monster and with good reason.

yes, Sir.

me too