Epik Had A Major Breach

Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021

Replies:
3,354
Views:
178,251

  1. DirkS

    DirkS Dutchman.info VIP

    Posts:
    7,363
    Likes Received:
    6,750
    That's supposedly when the hack happened. Don't know what to believe and it doesn't really matter. What they got is plenty enough to put your assets and private data at risk.

    On the upside, transfers seem to go through without issues so at least you can keep your domains safe. I changed whois data for all of them after transfer to another email address to be on the safe side.
     
  2. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,074
    Likes Received:
    10,958
    ~6.5 months are not critical even for AUTH codes.
    Many registrars refresh them just once.
     
    Last edited: Sep 16, 2021
  3. Reddstagg

    Reddstagg The-Billionaire.com VIP Gold Account

    Posts:
    1,210
    Likes Received:
    2,682
    Here is a genuine concern of mine. I have changed my password to be sure to be sure. Is the Federated Identity login a good idea or a bad idea in the current context?

    Edited by moderator: Removed remainder of post
     
    Last edited by a moderator: Sep 16, 2021
  4. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,279
    Likes Received:
    8,023
    Login data may get distributed widely, so 2FA is a good protection. The "Federated Identity" thing is a method of Single Sign On (SSO), I think.

    The attackers may still be able to bypass any of these authentication measures. It's up to you and each individual / company / website to assess whether you may be a further target.

    See also this posting.
     
    Last edited: Sep 16, 2021
  5. DirkS

    DirkS Dutchman.info VIP

    Posts:
    7,363
    Likes Received:
    6,750
    It does seem to affect (new) registrations:

    [Screenshot attached: Screenshot_20210916-195626.png]
     
    Last edited: Sep 16, 2021
  6. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,074
    Likes Received:
    10,958
    @Rob Monster

    And please also review how your API is secured,
    OR
    even shut it down until better times.
     
    Last edited: Sep 16, 2021
  7. DirkS

    DirkS Dutchman.info VIP

    Posts:
    7,363
    Likes Received:
    6,750
    Definitely not years old. Analysed some data and located relatively new accounts (end 2020).
     
  8. barybadrinath

    barybadrinath Restricted (15-30%)

    Posts:
    828
    Likes Received:
    1,314
    I consider this as an attack on domaining community.
     
    Last edited: Sep 16, 2021
  9. April004

    April004 Established Member

    Posts:
    149
    Likes Received:
    190
    Yup, hardly anyone dares to register a new domain with Epik as of now (after reading about the hacking news all over the internet).

    until the dust settles down...
     
  10. mr-x

    mr-x Top Contributor VIP ★★★★★★★★★★

    Posts:
    21,001
    Likes Received:
    37,447
    A quick read and mental projection ( wishful thinking ) on my part. I apologize for the mistake.
     
  11. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,074
    Likes Received:
    10,958
    We support scandals with DAN, GoDaddy, PayPal???
    I don't think so.

    As I already said in another thread:
    Epik needs rebranding and absolutely another kind of PR.
     
  12. Truespin Domains

    Truespin Domains Top Contributor VIP

    Posts:
    1,783
    Likes Received:
    1,357
    The engineer pointed the Daily Dot to what they described as Epik’s “entire primary database,” which contains hosting account usernames and passwords, SSH keys, and even some credit card numbers—all stored in plaintext.

    The data also includes Auth-Codes, passcodes that are needed to transfer a domain name between registrars. The engineer stated that with all the data in the leak, which also included admin passwords for WordPress logins, any attacker could easily take over the websites of countless Epik customers.

    Wow!

    If an organisation like Epik is storing passwords in plain text, that's another level of incompetency. Truly hope this isn't the case.
     
    Last edited: Sep 16, 2021
  13. barybadrinath

    barybadrinath Restricted (15-30%)

    Posts:
    828
    Likes Received:
    1,314
    I actually just meant to say that it's the majority of domainers whose data has been allegedly compromised. I am not going into the discussion of ideological tilt towards Epik or not; I am talking technically regarding data and domain-related companies.
     
    Last edited: Sep 16, 2021
  14. barybadrinath

    barybadrinath Restricted (15-30%)

    Posts:
    828
    Likes Received:
    1,314
    Some domainers might have an issue with the ideological and political leaning of Mr Rob. Some of us might agree with him as well.
    Epik might be a competitor for some registrars such as GoDaddy, Dynadot, Namecheap etc., but at the end of the day all domainers and related companies are part of the same small group. In the rest of the world people don't support domainers much.

    I believe all rich domain-related companies must hire the best security experts together and should raise the bar of security in the domain space so that it does not happen to anyone else. Also all big domain-related companies and ICA must together try to find out who is behind all of this alleged attack.

    All of us must agree to the fact that these so-called anonymous hackers do not care about your ideology. All they care about is making people's lives difficult. OK, even if these alleged hackers do not agree with Epik's political ideology, at the end of the day they are putting millions of other guys' data out there in public, which is not ethical in my view. These are just my personal thoughts.
    I stand with Epik in this.
     
    Last edited: Sep 16, 2021
  15. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,074
    Likes Received:
    10,958
    I don't know of any other popular registrar among domainers that was hacked in the last decade.
    Epik is the only one. So it's their fault only.
     
    Last edited: Sep 16, 2021
  16. barybadrinath

    barybadrinath Restricted (15-30%)

    Posts:
    828
    Likes Received:
    1,314
    How can you blame the victim? I don't understand it. Epik is the victim here. Am I missing something in all of this? It's like trying to justify the hack.
     
  17. NickB

    NickB it's a mystery VIP

    Posts:
    5,688
    Likes Received:
    13,751
    This thread went to sh^t pretty quickly - why someone didn't start another one to discuss/argue the pros and cons of Epik, Rob, Alt Right, Liberalism etc. etc. and let this one be about the matter in hand is baffling.......

    It's been mentioned a few times - can we just let this thread be about updates on the hack and keep the rest out of it?
     
  18. Paul

    Paul CTO, NamePros CTO VIP Gold Account

    Posts:
    2,205
    Likes Received:
    4,245
    I believe there have been a few, but I'm not aware of any being quite as public. Since the others weren't public, it's harder to know exactly how far the attackers got.

    I do know for certain that at least one other service popular among domainers has been compromised recently, and the credentials obtained during the attack have been leveraged to gain access to NamePros accounts, since people tend to use the same password for all their accounts.

    The argument for assigning some degree of blame to Epik is that some of their security practices appear to have been bordering on negligent. However, that assessment is based exclusively on data that an attacker published. Conveniently, the majority of the passwords/hashes appear to have been removed by the attacker. For all we know, they could've been proper hashes.
     
  19. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,074
    Likes Received:
    10,958
    Victim in plain text...

    Everybody gets what they deserve.
     
    Last edited: Sep 16, 2021
  20. Paul

    Paul CTO, NamePros CTO VIP Gold Account

    Posts:
    2,205
    Likes Received:
    4,245
    It's looking increasingly as though the password/hash data has been tampered with, and only a small subset of passwords/hashes--not those for the core Epik accounts, but for extra services--have been included.

    There's definitely data that appears to be stored inappropriately, but the fact that the epik_users table has had its password column replaced with bogus text raises more questions than it answers. Most entries are just eight-character strings of lowercase letters following simple patterns (consonant, vowel, consonant, vowel, etc.).
     
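    The shape test Paul describes above (a password column full of eight-letter consonant/vowel strings instead of hashes) is something a defender can run mechanically before treating a dump as credible. This is an added example, not code from the thread or from NamePros; the sample column is constructed, and the buckets (bcrypt shape, hex digest, CVCV filler) are my own assumptions.

```python
import re
from collections import Counter

# Constructed sample of a leaked "password" column (not data from any real dump):
# two hash-shaped values, four eight-letter consonant/vowel filler strings, two oddities.
SAMPLE_COLUMN = [
    "$2y$10$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0",  # bcrypt-shaped
    "5f4dcc3b5aa765d61d8327deb882cf99",  # 32 hex chars (MD5-shaped)
    "kanetabo", "sovadeli", "rutemafo", "lipokame",  # CVCVCVCV filler
    "xyz", "",
]

VOWELS = set("aeiou")


def classify(value: str) -> str:
    """Bucket one cell of a password column by its shape (assumed buckets)."""
    # bcrypt: $2a$/$2b$/$2y$, two-digit cost, 53 chars of salt+hash
    if re.fullmatch(r"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}", value):
        return "bcrypt"
    # unsalted hex digests: MD5 (32), SHA-1 (40), SHA-256 (64)
    if re.fullmatch(r"[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}", value):
        return "hex-digest"
    # eight lowercase letters alternating consonant, vowel, consonant, vowel ...
    if len(value) == 8 and value.isalpha() and value.islower() and all(
        (ch in VOWELS) == (i % 2 == 1) for i, ch in enumerate(value)
    ):
        return "cvcv-filler"
    return "other"


def profile(column):
    """Count how many cells fall into each shape bucket."""
    return dict(Counter(classify(v) for v in column))


def looks_tampered(column, threshold=0.5):
    """True when at least `threshold` of the column is CVCV filler rather than hashes."""
    counts = profile(column)
    return counts.get("cvcv-filler", 0) / max(len(column), 1) >= threshold


if __name__ == "__main__":
    print(profile(SAMPLE_COLUMN))
    print("column looks replaced with placeholders:", looks_tampered(SAMPLE_COLUMN))
```

A column that profiles mostly as bcrypt or hex digests is at least consistent with a real export; one dominated by the filler bucket supports the suspicion that the attacker swapped the values out.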
  21. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,074
    Likes Received:
    10,958
    We are talking about CC details and AUTH codes...
     
  22. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,074
    Likes Received:
    10,958
    For the last decade I have seen only customer accounts hacked, but not the entire DB.
    The Epik DB is the only one.
     
    Last edited: Sep 16, 2021
  23. equity78

    equity78 Top Member TheDomains Staff TLDInvestors.com PRO VIP ★★★★★★★★★★

    Posts:
    16,552
    Likes Received:
    24,827
    Were the users of that service notified, Paul? Did NamePros let users know of this site being compromised and also used on NamePros?
     
  24. Ostrados

    Ostrados EpicName.com VIP ★★★★★★★★★★

    Posts:
    6,114
    Likes Received:
    3,015
    The scary part from the article is this:

    So basically if you have a wordpress website hosted at Epik hackers can take over your website.

    The damage from this breach is much more severe than I initially thought.
     
    Last edited: Sep 16, 2021
  25. Paul

    Paul CTO, NamePros CTO VIP Gold Account

    Posts:
    2,205
    Likes Received:
    4,245
    Almost all of the credit cards have been censored; it's not clear by whom. I stumbled upon a handful that weren't, but for all I know they could've been Epik's or simple test data--there weren't many. I'm not sure how anyone can allege that they're valid without actually trying to use them.

    That being said, there's no shortage of PII, which is going to make dealing with this a nightmare. We're still not entirely sure how we're going to combat the inevitable influx of attacks that arise from this.

    I don't believe they were notified by the service itself. The attacker tried to brag about it on NamePros and claim he would be able to hack NamePros as well, going so far as to post a link to a screen recording showing some of the data from the third-party service. I strongly suspect a number of industry blogs were also affected, but I don't know for sure which were actually compromised and which were simply on the attacker's radar.

    When we believe that a NamePros account may be at risk in such a scenario, we lock it down and require a password reset. When such a user tries to log in, they'll be told that we think their account has been compromised, but we don't get into specifics. I'm not sure it would be a good idea for us to disclose specifics or send out mass notices in response to suspected attacks on third parties--that seems like it might be an ethical gray area. It's a little different when the information is already public and available to anyone who's willing to take the time to comb through the data.

    We're looking into whether it makes sense to force password resets for NamePros accounts that might correspond to accounts in the Epik breach, but I'm worried that if the worst happens, the affected people may have trouble accessing their email. That's a worst-case scenario, but I'd like more info before acting.
     
    Last edited: Sep 16, 2021