My experience with Epik in the last months has been nothing but terrible.
1. All my phone numbers, emails, domains, addresses, transactions, and old passport data were included in the torrent file and the data breach. Since that time I receive all the time fishing emails and fishing sms.
2. I updated all my passwords and 2FA codes after this breach. But at the same time, they obviously changed their login page from epik com to federatedidentity com. And somehow I have only the 2FA codes for logging in via epik com now but not the federatedidentity com 2FA. Obviously I made the mistake to think that these codes are the same or that you can still log in via epik com with the old 2FA which I generated there. And at the same time, it seems that Epik completely removed the old login page. Before you were able to decide.
3. I contacted support and explained my problem. They mention an account PIN that was not even created by me. Of course I don't know such a PIN which is stored somewhere in my profile obviously without notice. So I try to find a way back into my account. I mention that I can still use my phone number for their sms login or the old epik com login 2FA.
4. They demand that I upload my new passport. I tell them that I won't upload any such documents anymore after the fact that they are responsible for the situation that all my sensitive data is published online. Instead, I offer them to share the document with them in a Dropbox link for one-time view and tell them that I don't give them permission to store any of my identity documents permanently.
5. And what do they do? They tell me that they don't give me access to my account. This company has become completely ridiculous. No SORRY nothing about the shit they have done. I won't upload anything and I don't give you permission to store any identity documents and if you do so, then I will take legal actions. Basta!
Thank you for this mess Epik. First allowing hackers to easily decrypt all data by employing wannabe security specialists who don't know what encryption algorithms aren't secure anymore in 2021. And then for the fantastic communication and having two different logins, and then removing one login etc. That's completely crazy.