Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021
Other industry companies (registrars to begin with) will likely see the same...
Forcing reset of all passwords? First, NP will not need to analyze epik dump at all. Second, it would not make any sense for the current hacker, or any other hackers (there should be many) to start another credential stuffing attack with epik db data...
Fascinating. If so, one would reasonably guess that Epik systems were (and, possibly, still are) controlled by different (competing) hackers, for quite some time. It is not surprising that Epik is praying. Any religous member should definitely join Rob in prayer. Who knows...
Monster also called upon Jesus to rebuke any demons that he believed could be present at the conference.
You should first block domain transfers, withdrawals, until you find the breach... you fix it on an offline version of your website and then release the limitation, after that you go after the hacker.
Members should also reset their passwords ASAP, I didn't seen the encryption used but if it's a standard one like MD5, SHA... even if Salted the attacker should have got it from the source code and everyone now.
The risk to decrypt them is high and any one can do it by generating randomly a database of passwords using the encryption and searching if any member is using it.
Reseting your passwords is a priority.
After that you update tranfer codes of domain names. (Epik will facilitate the task by blocking transfers during this period even if many members will go against this. But with all the data losses this is nothing right now).
I also think that this hack isn't a recent one and the hacker acted under the radar before it makes it public... just like happened with bitcointalk, etc.
Upcoming deletes 279,329 (45.57%)
Hmm. What is going on there?
If you control registrar - you can send any existent list of domains to Redemption Period...
Interview September 2021 - YT link
Offtopic (somewhat). Mods are welcome to delete. But, it is weekend...
Has anyone been able to Transfer OUT using the APPROVE TRANSFER button? Right now when I hit the APPROVE Transfer button, I get a message that says
"Currently approve is not available"
He should have called upon the Jesus to rebuke any Monsters attending the conference.
So are there any case of stolen domain after this breach ?
I doubt that it make any sense for hackers to steal domains. Usually they're stealing private data, cards etc.
A good sign actually. Not to say that it should work this way, but... what if somebody is trying to steal domains as the result of the breach?
What is the significance of this? Why are all those domains being deleted?
Read answers above and ask Epik directly.
Theres 600,000 registered domains at epik.
280,000 upcoming deletes (45%).
Sounds worse than stolen domains.
Apparently theyve been behind trenches since february so who knows what theyve had time to do/build.
The drop-catching companies are going to be busy with all those domains being deleted.
Think about YOUR domains, not about these companies.
one of the possibilities is that they switch off the notifications for renewals, so that the account owner wont see moves or anything coming from Epik.
I am trying to recover the password, and it's not working, seems like. According to whois the 1 domain name I a have at Epik did not move though. At least out of Epik not.
My domains are at Dynadot.
now that, made me laugh out loud
That’s it. In this thread I've read a few posts from people saying people here must support Epik, no one owes Epik anything though.
Business is business at the end of the day, Epik (and any business) act in their best interests, so you’ve got to do what’s best for you, if you are happy with Epik and if you feel your assets and personal information are safe at Epik (equally as safe as any other domain registrar), that’s great stick with them, but any doubts what so ever get out of there.
Your domain names are potentially expensive assets at the end of the day.
Our biggest concern with this approach is that the email accounts may be compromised or the email domains may have dropped. It’s going to require a little more nuance than a global password reset, unfortunately.
Were this any other industry, a global password reset might make sense, but domainers tend to use their own domains for email.
I have no tech knowledge all i see is legions live peaking over cantonese firewall laughing at my weak password ready to steal my 3digit cc verification code.
Im not playing russian roulette with a heavily breached registrar and a fake it til you make it CEO whose hiding info.
"May" should be removed from the thread title, it is a fact already.
Separate names with a comma.