alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Kingslayer]

As moderators:

We've been criticized and attacked on the topic of #censorship, but there's a positive side to clear expectations: the moderation of NamePros doesn't suffer from bias, favoritism, or hypocrisy:

​

I think NamePros has been fairly tolerant to Epik over the years. In many threads Rob posted in, he got accused of spamming and promoting his company everywhere:-

https://www.namepros.com/threads/ro...out-paying-a-dime.1167267/page-9#post-7532889

https://www.namepros.com/threads/namepros-has-been-taken-over.1163986/#post-7500087

And I believe Rob is the only CEO of a domain registrar to ever have a ban on the forum for ‘spamming’.

I’ve seen threads on here that Epik was right in the middle of from racism/extremism/covid/bullying and other controversial topics that I could never understand why they was allowed to remain open, not only was Epik right in the middle of these threads, as a company they thrived off them, their staff flooded these threads and in my opinion used these threads as promotion and not only that, these threads was promoted on NamePros homepage as ‘most popular threads of the week/month’.

In the same way Twitter played its part into making Donald Trump president of the United States, NamePros contributed into making Epik into the registrar what they are. NamePros awarded Epik ‘NamePros registrar of the year’ if you award a company that and stick your own name on this award, you are pointing forum members in the direction of Epik, some whom may not have any understanding of ‘Epik’ and the other business ties this company has.

Thinking about that, should NamePros take reasonability for its own part in building up brand Epik? Take some reasonability how some forum members have got caught up in this hack and with that review its own rules in how it allows registrars and their staff to use this forum for business and review how it gives ‘registrar of the year’ awards in the future?

 

[johnn]

I think NamePros has been fairly tolerant to Epik over the years. In many threads Rob posted in, he got accused of spamming and promoting his company everywhere:-

https://www.namepros.com/threads/ro...out-paying-a-dime.1167267/page-9#post-7532889

https://www.namepros.com/threads/namepros-has-been-taken-over.1163986/#post-7500087

And I believe Rob is the only CEO of a domain registrar to ever have a ban on the forum for ‘spamming’.

I’ve seen threads on here that Epik was right in the middle of from racism/extremism/covid/bullying and other controversial topics that I could never understand why they was allowed to remain open, not only was Epik right in the middle of these threads, as a company they thrived off them, their staff flooded these threads and in my opinion used these threads as promotion and not only that, these threads was promoted on NamePros homepage as ‘most popular threads of the week/month’.

In the same way Twitter played its part into making Donald Trump president of the United States, NamePros contributed into making Epik into the registrar what they are. NamePros awarded Epik ‘NamePros registrar of the year’ if you award a company that and stick your own name on this award, you are pointing forum members in the direction of Epik, some whom may not have any understanding of ‘Epik’ and the other business ties this company has.

Thinking about that, should NamePros take reasonability for its own part in building up brand Epik? Take some reasonability how some forum members have got caught up in this hack and with that review its own rules in how it allows registrars and their staff to use this forum for business and review how it gives ‘registrar of the year’ awards in the future?

One of the threads that you posted was my thread and I think you are right about Namepros is responsible for letting Rob spam the forum everywhere.

 

[FernandoBMS]

Spam is part of Epik's corporate culture and heritage.

"If the name IntrustDomains rings a bell, its because you’ve likely received unsolicited email from them about an expiring domain name similar to one you own. When I googled “Intrust Domains”, the first page doesn’t include a link to the site. It’s mostly filled with complaints about the company. [Update: Epik says it didn’t acquire the email marketing part of what is commonly known as Intrust Domains.]" (DomainNameWire, 2011)

Edit: Also, for Epik's backstory, there are lots of interesting posts in NamePros accusing IntrustDomains, Market Plaza International, Namebind, Argam Poghosian, Bellnames, goname, and more - of being a network of bad faith actors.

Edit II: And, yeah, of course the russian/ucranian captive dev team that developed "shitty code" is IntrustDomains legacy too.

 

[dirk]

As for the topic of faith, while it is a large part of my personal "why", I foresee a version of Epik coming into view that will formally separate my personal views from the operation of the company. Details about that will be announced. While I do not subscribe to the world view that humans evolved from primates, in no way should my personal views make anyone feel unwelcome at Epik.

 

[mr-x]

As moderators:

We've been criticized and attacked on the topic of #censorship, but there's a positive side to clear expectations: the moderation of NamePros doesn't suffer from bias, favoritism, or hypocrisy:

I and others disagree. See the conversation about forcing people to change their avatar as an example.

We often explain:

NamePros is not a #FreeSpeech website; it is a professional community with rules, standards, integrity, and etiquette. We have many rules and expectations of civility and respect, but they're clear, reasonable, and in the best interest of the community. Within that framework, members are free to express their opinions and ideas, even if unpopular.

For anyone looking for something different, there are other websites out there, but those websites will likely disappoint: be unpleasant or full of hypocrisy. We're nothing if not consistent and fair.

---

Andrew Allemann of @DomainNameWire wrote:

​

Yes.

Free speech is clearly defined in the Bill of Rights. NP is a private company and make decisions about what is allowed / disallowed without interference because of the #1A.

We don't have to agree.

 

[Derek Peterson]

Current-day hacktivism is one of an innate understanding of political theatre and narrative. It exists to serve as the checks and balances to neutralize threats to democratic and societal stability when the State lags behind or does not fulfil their role expeditiously.

It exists as an ally of the greater whole.

As do I.

So literally admitting to be fed mercenaries? My early childhood was spent under the control of the state and they were not very good me. I'm gonna pass. Seems like you and your little fury, pedo peddling buddy there are on the wrong side of things. No offense, but you all are not the sort of folks I want managing my speech.

Funny how you all never get the goods on Palentir, facial recognition companies, killer drone companies, bio-weapon labs, 23andme or any of the other companies that are actually trying to enslave and kill humans. Just focus on people who believe the US constitution or the Bible and try to live by it and especially those that do so in defiance of a tyrannical govt.

Anonymous aren't rebels trying to protect humanity from tyrants, they're Brownshirts.

 

[Kirtaner]

So literally admitting to be fed mercenaries? My early childhood was spent under the control of the state and they were not very good me. I'm gonna pass. Seems like you and your little fury, pedo peddling buddy there are on the wrong side of things. No offense, but you all are not the sort of folks I want managing my speech.

Funny how you all never get the goods on Palentir, facial recognition companies, killer drone companies, bio-weapon labs, 23andme or any of the other companies that are actually trying to enslave and kill humans. Just focus on people who believe the US constitution or the Bible and try to live by it and especially those that do so in defiance of a tyrannical govt.

Anonymous aren't rebels trying to protect humanity from tyrants, they're Brownshirts.

Oh make no mistake, Peter Thiel and his operations are very much a PoI of ours.

And I'm no Fed.

 

[Derek Peterson]

As moderators:

We've been criticized and attacked on the topic of #censorship, but there's a positive side to clear expectations: the moderation of NamePros doesn't suffer from bias, favoritism, or hypocrisy:

​

---

We often explain:

NamePros is not a #FreeSpeech website; it is a professional community with rules, standards, integrity, and etiquette. We have many rules and expectations of civility and respect, but they're clear, reasonable, and in the best interest of the community. Within that framework, members are free to express their opinions and ideas, even if unpopular.

For anyone looking for something different, there are other websites out there, but those websites will likely disappoint: be unpleasant or full of hypocrisy. We're nothing if not consistent and fair.

---

Andrew Allemann of @DomainNameWire wrote:

​

Yes.

I think you all are dong a fine job with moderation. The issue should not be about your moderation rules but rather if you implement them consistently. It is great you realize that and try hard to do it.

 

[Bravo Mod Team]

NamePros awarded Epik ‘NamePros registrar of the year’ if you award a company that and stick your own name on this award, you are pointing forum members in the direction of Epik, some whom may not have any understanding of ‘Epik’ and the other business ties this company has.

To be clear, when you write “NamePros,” you are referring to the community and not the website.

NamePros, the website, did not award Epik with that title. The promotion that you described is entirely automated based on community activity: popular threads are displayed based on the number of unique participants.

We had no involvement in Epik winning the poll in March 2020, and we had no involvement in Epik losing the poll in Dec 2020 - Jan 2021.

Community members have been hosting “registrar of the year” polls for a long time, including:

• 2016 - Favorite Domain Registrar Poll
  • @GoDaddy won. Namecheap was the runner-up.
• 2017 - Who is the best registrar in the business?
  • @GoDaddy won. NameSilo was the runner-up.
• 2019 - Who is the best registrar in the business?
  • @namesilo won. GoDaddy was the runner-up.
• March 2020 - Who is the best registrar in the business?
  • @epik won. Dynadot was the runner-up.
• March - April 2020 - Which registrar do you feel safest with?
  • @Dynadot won. Epik was the runner-up.
• Dec 2020 - Jan 2021 - Best/Favorite Registrar - End of year poll
  • @Dynadot won. Epik was the runner-up.
  • (This poll was created by the creator of the 2016 favorite registrar poll, in response to a community discussion titled: About Best Registrar Polls.)

In much the same way that you may blame us for Epik winning, Rob blamed us for the next poll, calling us thuggish for allowing a community-decided poll to run:

It was classless and thuggish to allow [redacted full name] (JB Lions), an avowed Epik attack dog, to host a Best Registrar poll. NP could not have picked a less neutral person.

Again, we had no involvement in the creation of that poll, and we did not pick who created it.

Did Rob want us to censor it?

See the conversation about forcing people to change their avatar as an example

Avatars are held to the same standard as posts.

Learn more:

• https://www.namepros.com/threads/guidelines-for-usernames-and-profile-photos.1027786/

We’re happy to discuss this in more detail, but please create a new thread for it.

Thanks.

 

[DN Playbook]

One of the threads that you posted was my thread and I think you are right about Namepros is responsible for letting Rob spam the forum everywhere.

NP gave RM plenty of rope to hang himself. Also he was an advertiser for a while.

To be clear, when you write “NamePros,” you are referring to the community and not the website.

NamePros, the website, did not award Epik with that title. The promotion that you described is entirely automated based on community activity: popular threads are displayed based on the number of unique participants.

We had no involvement in Epik winning the poll in March 2020, and we had no involvement in Epik losing the poll in Dec 2020 - Jan 2021.

It is quite obvious that Epik had a lot of staff accounts, as well as proxy accounts, which manipulated the results. Then Epik placed a self-made award badge and statement on their home page, "Epik recognized as Best Registrar Worldwide in NamePros 2020 Annual Industry Vote". It certainly makes it sound like this was awarded officially by NamePros, not just the community. You should have a policy against claims that imply NamePros, the website, has awarded something when, in fact, it was a simple forum poll that has no real validity or representation of the industry, no judges, no standards, no backing of or verification by NamePros.

 

[johnn]

Just found out that Epik has 37 staff members here at Namepros.
Why on earth a small company like Epik allow to have 37 staff members here for what? so they can help Rob spam the forum.
I bet he pay little or nothing for these people working for him.
Everything he did as an CEO of a company is wrong.
He keep spamming that his company is the best on earth with all the latest technologies and when the hacking happened he has been hiding like a rat in a kitchen. When we found out that he store customer data in plain text.
He complained about people need to have an "open discussion" from the other dead forum and when I posted the information here he deleted the thread. This guy CANNOT BE TRUSTED.
What I don't understand is there are still some people think Rob is a good guy and PROMISED to stay with Epik and not moving the names out. Why?
I saw many sale listings here with Epik and not too many interests in these names.

Another words: "I know the house is on fired but I love the house so I will come back to the house regardless if the house will be fixed or not"

 

[Bravo Mod Team]

Just found out that Epik has 37 staff members here at Namepros.

Johnn is referring to Verified Company Representatives:

• https://www.namepros.com/members/?type=reps

Learn more:

• https://www.namepros.com/threads/verified-company-representative-badges.860810/

 

[karmaco]

That sounds like they are about to sell Epik off which would not surprise me. How else does faith/religion get separated from a registrar run by Rob? I heard rumors they were looking to sell earlier this year.

 

[Kingslayer]

Just found out that Epik has 37 staff members here at Namepros.

I knew they had a lot, but I never knew they had that amount of representatives.

I remember when they got 'NamePros registrar of the year' a few members wondered how many who voted for Epik was Epik staff members.

 

[bmugford]

I knew they had a lot, but I never knew they had that amount of representatives.

I remember when they got 'NamePros registrar of the year' a few members wondered how many who voted for Epik was Epik staff members.

That entire poll was nonsense IMO.

Epik and staff were basically using self-promotional marketing and lobbying for votes.

On top of that their margin over Dynadot was well under the amount of Epik staff badges on NamePros, which is a disproportionately high number for a small company.

Then after winning they flogged it in their marketing materials as if it was some monumental achievement and a full endorsement from NamePros and the entire domain community.

When the same poll was run at the end of the year, Epik did not win, and had far less votes.

Brad

 

[Kingslayer]

That entire poll was nonsense IMO.

Epik and staff were basically using self-promotional marketing and lobbying for votes.

That’s why I said maybe NamePros should review how it gives ‘registrar of the year’ awards in the future.

Then after winning they flogged it in their marketing materials as if it was some monumental achievement and a full endorsement from NamePros and the entire domain community.

The whole 'endorsement' is what I meant by when you stick your name on an award (NamePros) it is like you are 'endorsing' it as the best registrar and when you look at what’s happened, many forum members being caught up in this mess, I do wonder how many signed up to Epik as result of this award.

 

[Future Sensors]

Source: https://texasgop.org/data-breach/

 

[Save Breach]

I take some of my words back. There was only one issue that wasn't paid for, they say that's a staging server so I think I will agree to that it wouldn't be impactful.

Epik did pay a few bounties to me like a $400 bounty in April this year, as in-store credit and they fixed the issue. As I always said, @Rob Monster is a good person, he is responsive and I have nothing against him, he did respond to me personally at times support didn't. I do know he is going through a hard time but I think they should work on resolving the security issues to prevent any breach in the future. I continue to be on good terms with them as of now. I like their stance on anti-censorship and anonymity.

Breaches do happen, it's hard to make software 100% fault-tolerant. You can never make a 100% secure system. Being in this industry, I know so many people who never reported critical incidents/breaches that happened and never kept logs, it's far too common.

My advice to Rob would be to get a good CISO, to assist him in making policies on the information security side. Probably they need massive improvements to their security and I heard much of it is underway. I am ready to give them another chance and I hope they will be back stronger.

 

[mr-x]

Another victim of criminal, cyber terrorist.

Source: https://texasgop.org/data-breach/

Show attachment 201654

 

[Future Sensors]

Another victim of criminal, cyber terrorist.

This was already mentioned in the press and on Twitter. What we are now starting to see are these formal notifications and investigations by Epik customers that were part of the same breach.