
Epik Had A Major Breach


Silentptnr

Notably, many of the passwords appear to have been replaced with placeholders that don't appear long enough to be hashes. I'm not certain this was the hacker's doing, but it's a sign they might have kept some of the data for themselves. If that's the case, I would assume that money is also a motive, if not the primary motive.
This might be restating the obvious but that unsalted MD5 hash claim about password storage was worrying. If the passwords were hashed and stored using unsalted MD5, it is game over. Having a "strong" password in that case will not save anyone's password because there are techniques that can be used to "break" the hashed passwords. Obviously, people should not use the same password on multiple sites and should immediately change passwords if they have not done so.

Regards...jmcc
 
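As an added illustration of the storage point raised in the post above (not code from the thread or from Epik): unsalted MD5 maps equal passwords to equal stored values, while a per-user salt with a memory-hard KDF does not. The sample accounts and the `scrypt$...` record layout are constructed assumptions.

```python
import hashlib, hmac, os, re
from collections import Counter

# Constructed sample accounts (not from the leak): two users share a password.
ACCOUNTS = [("alice", "Tr0ub4dor&3"), ("bob", "Tr0ub4dor&3"), ("carol", "x9!Lq#27vPz")]

def md5_unsalted(password):
    """Legacy scheme discussed in the thread: one fast, unsalted MD5 pass."""
    return hashlib.md5(password.encode()).hexdigest()

def scrypt_record(password, n=2**14, r=8, p=1):
    """Per-user random salt plus a memory-hard KDF; record layout is an assumption."""
    salt = os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p, dklen=32)
    return f"scrypt${n}${r}${p}${salt.hex()}${dk.hex()}"

def verify(password, record):
    """Recompute with the stored salt and parameters; compare in constant time."""
    parts = record.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return False  # legacy or malformed records never verify here
    _, n, r, p, salt_hex, dk_hex = parts
    dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                        n=int(n), r=int(r), p=int(p), dklen=len(dk_hex) // 2)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def classify(stored):
    """Audit helper for a credentials column: what kind of value is this?"""
    if stored.startswith("scrypt$"):
        return "salted-kdf"
    if re.fullmatch(r"[0-9a-fA-F]{32}", stored):
        return "md5-length-hex"  # 128-bit hex digest with no salt field
    return "not-a-hash"          # plaintext or a placeholder

def shared_values(stored_values):
    """Number of accounts whose stored value equals another account's."""
    counts = Counter(stored_values)
    return sum(c for c in counts.values() if c > 1)

if __name__ == "__main__":
    legacy = [md5_unsalted(pw) for _, pw in ACCOUNTS]
    hardened = [scrypt_record(pw) for _, pw in ACCOUNTS]
    print("accounts sharing a stored value, MD5:", shared_values(legacy))
    print("accounts sharing a stored value, scrypt:", shared_values(hardened))
    print([classify(v) for v in (legacy[0], hardened[0], "********")])
```

Records that classify as `md5-length-hex` or `not-a-hash` are the ones to force a reset on and re-store under the salted scheme at next login.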
Folks, no need to be worried about your password and credit card information. Monster is praying.
 
The main issue is not that they were hacked, but with their worldwide image (it affects our sales definitely).
 
Update:

now, most of you will have seen our first official update sent via email today.

Quick supplemental update:

- Cyber forensic work is moving swiftly.

- Our engineers believe the hack is of an aged remote backup, not of Epik's core production.

- No customer domains have been impaired to our knowledge. More domains arrived today than left Epik.

- Our support team is doing an excellent job.

Cyber security is no joke. If this can be done to Epik, it can be done to anyone. As it was, we were already in the process of heavily investing in this arena. Lord-willing, we will once again emerge stronger from the experience.

On a personal note, I am thankful for the outpouring of support. May those of you who choose to stand with Epik all be greatly blessed, both in this life, and the one to come.

Regards,

Rob
 
I have been unable to log into my account at all. It tells me wrong username and password. Can everyone log in?

Just logged in no problem. I have had 2 factor on all along though.
 
Update:

now, most of you will have seen our first official update sent via email today.

Quick supplemental update:

- Cyber forensic work is moving swiftly.

- Our engineers believe the hack is of an aged remote backup, not of Epik's core production.

- No customer domains have been impaired to our knowledge. More domains arrived today than left Epik.

- Our support team is doing an excellent job.

Cyber security is no joke. If this can be done to Epik, it can be done to anyone. As it was, we were already in the process of heavily investing in this arena. Lord-willing, we will once again emerge stronger from the experience.

On a personal note, I am thankful for the outpouring of support. May those of you who choose to stand with Epik all be greatly blessed, both in this life, and the one to come.

Regards,

Rob
Even if it's an older backup, it still has profile information, just not the up to date transfer information.
 
Correct.



Well, there were definite lapses in their security--I would go so far as to say a concerning amount, but the only data I have is the data that an attacker was willing to release.



We don't know the motivation, though. Preliminary evidence points to some combination of hacktivism, money, and/or amusement. All we have to go on for the first option is the attacker's word, which I'm not inclined to trust. There are discrepancies in the data that indicate money was a possible factor, and the close affiliation with 4chan means it could've simply been for amusement. None of the evidence favoring any of these options is sufficient to draw a solid conclusion; we'll need to wait until we have more info.

We don't know the motivation? Are you joking? Please tell everyone you're joking. What part of their own words are you having trouble parsing?

dontbedumb.jpg


Why must people continue this strange "head in the sand" charade when it comes to simply acknowledging the genuine threats that America (and other countries) actually have? The extreme left's tactics have always been to invert actual racism and fascism. They take it upon themselves to attack those who protect free speech. They literally continually invert the definition of nazism, and when actual fascist tactics are deployed (such as this hack), people then sheepishly make statements like "we don't actually know yet why they did it"....despite the hackers openly admitting why they did it. You don't even have to connect the dots in this case. I'm wagering that Sherlock Holmes can rest easy tonight.

All of this is truly an unbelievable sight to behold, really.
 
@The Rover is absolutely correct, as long as one is willing to believe everything that a hacker tells them. Is everything else in that "press release" true then, too?
 
@The Rover is absolutely correct, as long as one is willing to believe everything that a hacker tells them. Is everything else in that "press release" true then, too?

It seems it was somewhat politically motivated at least. I also seem to remember something about a Russian host being hacked?

Even if done for the money, the target has been chosen based on their beliefs.
 
@The Rover is absolutely correct, as long as one is willing to believe everything that a hacker tells them. Is everything else in that "press release" true then, too?

Oh, I'm sorry, did I actually state that "everything in the hacker's statement was true"? No, I didn't. So why bother straw manning this? You'll only look foolish. Absurd claims that this isn't somehow a political attack are either gross naivety and/or simply bias driven. The delusion is worse than I thought.
 
It seems it was somewhat politically motivated at least. I also seem to remember something about a Russian host being hacked?

Even if done for the money, the target has been chosen based on their beliefs.

Yep! But apparently some folks here wish to avoid that point. Why? Because many truly loathe Rob and Epik.
 
Even if it's an older backup, it still has profile information, just not the up to date transfer information.

Agreed. It doesn't change much. Since they have been able to get access to a remote backup that probably means they have/had access to the core/live system. Not good when your remote backups are compromised.
 
@The Rover I think it's probably correct that this was based on the politics of Epik, I just think it's interesting that the evidence you provided was "the hacker said it," I was surprised you would put so much stock in what the hacker says. I can go line by line if you're still confused.
 
@The Rover I think it's probably correct that this was based on the politics of Epik, I just think it's interesting that the evidence you provided was "the hacker said it," I was surprised you would put so much stock in what the hacker says. I can go line by line if you're still confused.

It's good to see that you're finally admitting that Epik was very likely attacked for their politics. Beyond that, I have no idea what point you think you're attempting to make, nor do I care. My one and only position this entire time, was that they were attacked because of their ideology. You're welcome to scroll up if you're still confused.
 
In other words, change your lifestyle and be happy.
 
I think we should stand with Rob in this tough time. This is not his fault at all. Everyone has the right to freedom of speech and express his beliefs. Domaining won't be fun without Epik. I mean who else offers $0.99 ".CO" deals for bulkers with great tools? :-P

Regarding the data leak, I think people should not really worry about it unless it's their passwords or card info (which is not there) considering too many data breaches got public recently and they probably already contain your emails. It's no surprise anymore and no one would have time to look up your personal details out of millions of domains and misuse them unless you're popular like Rob. The worst you can expect is a few spam emails that you're already receiving.

The only problematic thing is Rob's last name which is opposite of his religious beliefs. :xf.laugh:
 
Wikipedia is having wet dreams on it —This company has the worst bias against em

Very observant Samer!

I too have noticed that when googling various registrars, all the others give me that particular registrar as the first search hit yet googling Epik gives me the obviously tainted Wikipedia entry first and then Epik second. So no obvious manipulation and bias there!! (sarc) Now who would have the power to manipulate search results, and why? The media reports of Epik also contain obvious bias.

A headless chicken can see that some very powerful people have a vendetta against Rob and Epik. Sadly some humans cannot, and the rest are part of the AI or troll army to hammer him. The army of fearmongerers pushing people away from Epik is also apparent.

This alleged hack, whether real or not, is also an obvious psyop against Epik. How many hackers make up catchy slogans like "Operation Epik Fail"? I didn't know hackers had such clever marketing skills, nor that they fight against those people who advocate/protect free speech, the very thing they themselves claim to protect!

People might also want to research Operation Talpiot and Sandy Bridge and then realize that every computer is designed to be hacked into, and built right into both hardware and software. Every computer is easily accessible. But when there is an agenda to achieve specific people are always targeted.

I won't be moving any domains from Epik.
 
The Wikipedia entry isn't tainted. Your posts are.
 
LINK: https://onlinedomain.com/2021/09/16/domain-name-news/epik-was-hacked/

This was the content of the website epikfail.win:
(I have only removed the link to the torrent with all the hacked data and a password.)

[ASCII art banner: OPERATION EPIK FAIL]

OFFICIAL ANONYMOUS (not to be confused with 'Anonymous Official' grifters) PRESS RELEASE
SEPTEMBER 13, 2021
NOTORIOUS "HACKERS ON ESTRADIOL" PRESENT GRAND REVEAL
OF ROB "HITLER SHOULD'VE WON" MONSTER'S EPIK FAILURE

You know, when you name a company "Epik",
that implies something really big's going to happen.
Deserving of the name.
Well, after years of bolstering the worst trash the Internet has to offer,
this is, truly, the Epik moment we've all been waiting for.

Contained within this release, the following delicious morsels
that will surely be digested for months to come:

A decade's worth of data from the company. That's right, everybody.

Time to find out who in your family secretly ran an Ivermectin horse porn fetish site,
disinfo publishing outfit, or yet another QAnon hellhole.

Want to know when a nation-state decided to offer hosting to some domestic terror groups,
without those pesky DDoS mitigating reverse proxies getting in your way?
Want to know the identity of the owner of a domain or large set of domains
used in yet another influence/information operation?
Decloak origin IPs of nazi websites for further investigation, poking, prodding!
Map out a decade of online fash with a level of clarity nobody has been able to UNTIL NOW!

WHAT YOU GET FOR THE LOW LOW PRICE OF $0.00

* All domain purchases
* All domain transfers in/out
* All whois history, unredacted
* All DNS changes
* All email forwards, catch-alls, etc
* Payment history (no credit card data, don't get excited, FBI, we're not in that game)
* Account credentials for:
all Epik customers, hosting, Anonymize VPN, and so on
Epik internal systems, servers
Epik's GoDaddy logins
...and more! IN PLAINTEXT! That's right, Epik barely hashed a damn thing!
When we saw hashes, they were merely unsalted MD5
Here's one such sample that made us upset for daring to use "anon":
Rob Monster ****@epik.com ******** ************ (cracked: willem)
Yep, these Russian developers they hired are actually just that bad.
They probably enjoyed snooping through all of your shit just as much as we did.
* Over 500,000 private keys. What are they for? Who knows!
* We think we spotted a bunch of Anonymize OpenVPN profiles in this,
but we were too disgusted with the above to continue digging.
* A dump of an employee's mailbox, just because we could.
* Git repositories for whatever internal applications!
* SSH keys!
* /home/ and /root/ directories of one of their core systems!

This dataset is all that's needed to trace actual ownership and management of the fascist side
of the Internet that has eluded researchers, activists, and, well, just about everybody.
And maybe have a little extra fun. For the lulz.

Is it possible to own a company as hard as this? We sure love to see it.
Good luck with the rebrand, Robby boy. Herd u liek mudkipz.

Monero tips for the inevitable legal bills, for
when the FBI kicks down OVER 9000 doors after this utterly
embarrasses everyone and outs one or more of their
poorly thought out stochastic terrorism plots
(GOOD LUCK WE'RE BEHIND SEVEN PROXIES)


Support your starving hacktivists, and they will bless you in turn.

So long, for now! Support #OperationJane and mess with Texas today!
Abortion is a human right!

Download OperationEpikFail.torrent

There's no use in denial, Rob Monster.

We are Anonymous
We are Legion
We do not Forgive
We do not Forget
< EXPECT US >
[ASCII art cow]

The Internet Hate Machine hates fascists.

Signed,

[ASCII art signature: ANONYMOUS]
 
Urghh, I'm so torn on Epik.

On one hand I find most of Rob's personal beliefs pretty grim. On the other hand I think Epik has been one of the few innovative players in domaining and my limited use of their platform has been positive.

Whilst I hugely disagree with Rob on most things, I am with him on his desire to protect free speech.

But sending me a vague email about my data possibly being lost, and telling me that you're praying hard for me did not overwhelm me with confidence.
 
People might also want to research Operation Talpiot and Sandy Bridge and then realize that every computer is designed to be hacked into, and built right into both hardware and software. Every computer is easily accessible. But when there is an agenda to achieve specific people are always targeted.
I was thinking of such recently without reading anyone's info but did not want to post because most already think I'm crazy.
We the end users have the illusion of security which was created for us, but there are intentional direct access back doors which are created for them, those who rule Echelon project.
Here is something that I have experienced since I began domaining: every time I don't hand register some specific domains I take a screenshot as evidence for later, the next day I decide to go and hand reg those domains and I see that some of them are already registered with some old reg date, then I go to check my screenshots and surprise the screenshot is nowhere to be found, I trust my memory and I know I'm right.
The domains were hand registered at different registrars but the most frequent was GoDaddy you know the DN beast of internet.
 
Don't mix business and emotions.
This way is wrong 100%.
 
Problem: I have a bid on my nameliquidate domain but you have to enter payment info to receive money.

1/ be stubborn / support epik / play Russian roulette for $10

2/ follow that little voice in the back of my head
 