alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Future Sensors]

Epikfail.com is going for 2500

Although I have to admit that the information provided by Epik is lacking, these kinds of domain names seem to me to have little value. The following domain has a Creation Date of 2021-09-14T17:44:19Z.

 

[Evil.dll]

The intrinsic value of it to post the scope of the data leak with flowcharts and spreadsheets without compromising PII

 

[Evil.dll]

I was going to buy epikfaildump, but some vulture beat me too it…

 

[Evil.dll]

Thefartking.com is available though

 

[Kirtaner]

I was going to buy epikfaildump, but some vulture beat me too it…

Wanna use epikfail.is? Might know a guy.

 

[branding]

Although I have to admit that the information provided by Epik is lacking, these kinds of domain names seem to me to have little value. The following domain has a Creation Date of 2021-09-14T17:44:19Z.

Show attachment 202997

Create affiliate links to other registrars, spam the domain on twitter,FB and linkedin = profit!

 

[Future Sensors]

OVEROPTIC SYSTEMS LTD was incorporated on 14 March 2013 in the U.K. and the the only public information available is the name of one appointed director, his address and nationality. He's a ukrainian citizen from Crimea.

Thank you @FernandoBMS

Are you able to present a short overview of the most prominent countries involved in the complete Epik ecosystem, maybe with a short description?

 

[branding]

 

[DN Playbook]

Your whois data wasn't private. If you can't find it for free, you can buy it.

It was public on a trust basis. Now registrars are better at protecting whois info. A Terms of Use appears in the whois results that includes, among other things, a statement to the effect that collection of the data or dissemination of the data is prohibited.

If any registrar is scraping whois info or buys whois data from another source, that is shady behavior, IMO. That is was spammers do. Why would a registrar need that data?

 

[bmugford]

My experience with Epik in the last months has been nothing but terrible.

1. All my phone numbers, emails, domains, addresses, transactions, and old passport data were included in the torrent file and the data breach. Since that time I receive all the time fishing emails and fishing sms.

2. I updated all my passwords and 2FA codes after this breach. But at the same time, they obviously changed their login page from epik com to federatedidentity com. And somehow I have only the 2FA codes for logging in via epik com now but not the federatedidentity com 2FA. Obviously I made the mistake to think that these codes are the same or that you can still log in via epik com with the old 2FA which I generated there. And at the same time, it seems that Epik completely removed the old login page. Before you were able to decide.

3. I contacted support and explained my problem. They mention an account PIN that was not even created by me. Of course I don't know such a PIN which is stored somewhere in my profile obviously without notice. So I try to find a way back into my account. I mention that I can still use my phone number for their sms login or the old epik com login 2FA.

4. They demand that I upload my new passport. I tell them that I won't upload any such documents anymore after the fact that they are responsible for the situation that all my sensitive data is published online. Instead, I offer them to share the document with them in a Dropbox link for one-time view and tell them that I don't give them permission to store any of my identity documents permanently.

5. And what do they do? They tell me that they don't give me access to my account. This company has become completely ridiculous. No SORRY nothing about the shit they have done. I won't upload anything and I don't give you permission to store any identity documents and if you do so, then I will take legal actions. Basta!

Thank you for this mess Epik. First allowing hackers to easily decrypt all data by employing wannabe security specialists who don't know what encryption algorithms aren't secure anymore in 2021. And then for the fantastic communication and having two different logins, and then removing one login etc. That's completely crazy.

I would like to know about the first point. My understanding was ID documentation was not included in this breach. Is that not the case?

Passport and potentially other ID documentation would make this even more of a disaster.

Brad

 

[mr-x]

There are also strict regulations when it comes to storing and protecting customer's data - from PCI compliance to GDPR, and more.

Brad

Another false equivalence. A few megabytes of public whois data vs gigabytes of IP and private information stolen, sabotage and blackmail.

You've changed my mind.

 

[Future Sensors]

Am I allowed to express my opinion that Anonymous's crimes are worse than Epik's incompetence?

Sure, and we can or may even agree on that. But it's a fact now and we can't deny. Or can we.

 

[bmugford]

Sure. How many more times are you going to bring that up?

As many times as I feel like.

Epik's shitty security is not any less relevant as time goes on. When you say the data is "cursed" you deserve to be mocked.

Brad

 

[Derek Peterson]

I think the most important thing in all of this is the users of Epik services and the users of the users of Epik services. Let's not forget it isn't just Epik's direct customers who were hurt by this Epik Fail, but also the users of all those sites that were hosted by Epik. What I know for certain, based on their own words and actions is that:
1) Rob Monster doesn't care about them. He has made no admissions and done nothing to explain what all happened who was affected.
2) Hackers don't care about them. They have made it abundantly clear that they want to destroy the lives of those users and even help put many of these people in jail who happen to live in countries that punish people for thoughts and words.
3) Govts don't care about them. They just want the data so they can prosecute and use as excuse to enforce more tyranny on humanity.

The one person who is responsible and the one person who should care has not only done nothing to help but aggressively attacked those that do. @robmonster is that person.

 

[bmugford]

Absolute proof of the biased mods here. Most of your posts are recycled trash that you've spewed ad nauseum. But I've made posts that go against you and the other creatures of habit in this thread and I get deleted because I'm not nice. Oh well. I'm glad I'm capable of an original thought at least. Let's see how long it takes the mods to delete this when you go crying to them

Most of my posts are on topic regarding the Epik data breach. It you don't like it....tough.

Brad

 

[internext]

Dear mods please delete my former posts that I made tonight. I know better than to try to have an opposing view with people who just repeat themselves. It's like I'm just arguing with myself in effect. And I'm far too mean. I'm a real baddie. Let the hackers and their buddies have their fun I don't want any part of this thread anymore. I honestly knew better than to involve myself again but man these stutterers are maddening. And shamelessly proud of their intellectual limitations

 

[DN Playbook]

Whois data is public. You can choose to hide your information but it is still public data and can be found free or purchased.

OK, how do you square the whois data being scraped by Epik against TOS by virtue of it being public or available to purchase with the data dump from the hack? Isn't it the pot calling the kettle black?

 

[DN Playbook]

I want to add that finally Epik has given me access to my account again after first refusing it without upload of new passport. Maybe they saw the post.

Of course. Rob is watching this thread.

 

[Derek Peterson]

Well, if receiving fair compensation for your work makes you a "whore" that explains a lot.

No wonder there is such a high level of incompetence.

How Christlike to call people "whores". If someone else did the same Rob would probably be talking about their eternal soul or whatever.

Brad

The Bible uses the term "whore" many times BUT not referring to poor people working to survive. This is just so disgusting on so many levels I don't even know what to say. It does explain a lot though, he thinks of his employees like whores, his customers like Johns and he is the CEP (Chief Executive Pimp).

 

[DN Playbook]

The Bible uses the term "whore" many times BUT not referring to poor people working to survive. This is just so disgusting on so many levels I don't even know what to say. It does explain a lot though, he thinks of his employees like whores, his customers like Johns and he is the CEP (Chief Executive Pimp).

"Whore" is a very strong term. Worse than a "prostitute". I wouldn't be surprised if he views those who accept his "bounty" payments as whores.

 

[Lox]

The "forever registration" is nonsense, especially without the registry itself on-board.

With .COM for instance the max you can renew for is (10) years which would currently cost around $90 - $100 at most registrars. The "forever registration" is simply a promise to pay future renewals, with no actual guarantee of that.

The entire concept is basically marketing fluff without the registry itself on-board. Even then, there is no guarantee a company like Verisign will always have the rights to operate the .COM extension. They don't own the extension, they are simply operating it under contract.

Brad

Network Solution

 

[Name Trader]

I got a message today from a very popular credit monitoring service regarding the Epik data breach.

This is going to be news to millions of people now who did not already know this.

Brad

When are you going to share it?

 

[Name Trader]

Is it from Credit Karma?

Epik breach​

September 2021
In September 2021, Epik's database was allegedly breached. Even if you don't use your Epik account anymore, it's important to protect any info that was exposed.

(Posted on another forum)

Nothing found on CreditKarma.com when searching for text "In September 2021, Epik's database was allegedly breached"

 

[bmugford]

Nothing found on CreditKarma.com when searching for text "In September 2021, Epik's database was allegedly breached"

Yes, it was emailed out to any of their millions of customers whose data was involved in the breach.

Brad

 

[branding]

Day 60 hasn't changed, but of course they are now releasing them on day 62

If that's the case I predicts a lot of incoming ICANN complaints.