NameSilo

Epik Had A Major Breach

Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021

Replies:
3,140
Views:
169,197

  1. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,466
    Likes Received:
    4,417
    Other industry companies (registrars to begin with) will likely see the same...
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,466
    Likes Received:
    4,417
    Forcing reset of all passwords? First, NP will not need to analyze epik dump at all. Second, it would not make any sense for the current hacker, or any other hackers (there should be many) to start another credential stuffing attack with epik db data...
     
  3. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,466
    Likes Received:
    4,417
    Fascinating. If so, one would reasonably guess that Epik systems were (and, possibly, still are) controlled by different (competing) hackers, for quite some time. It is not surprising that Epik is praying. Any religous member should definitely join Rob in prayer. Who knows...

    :
    Monster also called upon Jesus to rebuke any demons that he believed could be present at the conference.
     
    Last edited: Sep 18, 2021
  4. TheBuyerz

    TheBuyerz Established Member

    Posts:
    744
    Likes Received:
    1,063
    You should first block domain transfers, withdrawals, until you find the breach... you fix it on an offline version of your website and then release the limitation, after that you go after the hacker.

    Members should also reset their passwords ASAP, I didn't seen the encryption used but if it's a standard one like MD5, SHA... even if Salted the attacker should have got it from the source code and everyone now.

    The risk to decrypt them is high and any one can do it by generating randomly a database of passwords using the encryption and searching if any member is using it.

    Reseting your passwords is a priority.

    After that you update tranfer codes of domain names. (Epik will facilitate the task by blocking transfers during this period even if many members will go against this. But with all the data losses this is nothing right now).

    I also think that this hack isn't a recent one and the hacker acted under the radar before it makes it public... just like happened with bitcointalk, etc.
     
  5. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,057
    Likes Received:
    10,941
  6. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,134
    Likes Received:
    27,193
  7. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,057
    Likes Received:
    10,941
    If you control registrar - you can send any existent list of domains to Redemption Period...
     
    Last edited: Sep 18, 2021
  8. Lox

    Lox _____ VIP

    Posts:
    3,822
    Likes Received:
    7,010
    Interview September 2021 - YT link

    jhjk.png

     
    Last edited: Sep 18, 2021
  9. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,466
    Likes Received:
    4,417


    Offtopic (somewhat). Mods are welcome to delete. But, it is weekend...
     
  10. DN_Hunter

    DN_Hunter Top Contributor VIP ★★★★★★★★★★

    Posts:
    1,227
    Likes Received:
    760
    Has anyone been able to Transfer OUT using the APPROVE TRANSFER button? Right now when I hit the APPROVE Transfer button, I get a message that says
    "Currently approve is not available"
     
  11. DrJacoby

    DrJacoby Established Member

    Posts:
    716
    Likes Received:
    2,035
    He should have called upon the Jesus to rebuke any Monsters attending the conference.
     
  12. DIAX

    DIAX 888

    Posts:
    629
    Likes Received:
    152
    So are there any case of stolen domain after this breach ?
    I doubt that it make any sense for hackers to steal domains. Usually they're stealing private data, cards etc.
     
  13. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,466
    Likes Received:
    4,417
    A good sign actually. Not to say that it should work this way, but... what if somebody is trying to steal domains as the result of the breach?
     
  14. Shackleton

    Shackleton Established Member ★★★★★★★★★★

    Posts:
    204
    Likes Received:
    286
    What is the significance of this? Why are all those domains being deleted?
     
    Last edited: Sep 18, 2021
  15. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,057
    Likes Received:
    10,941
    Read answers above and ask Epik directly.
     
    Last edited: Sep 18, 2021
  16. Windoms

    Windoms Top Contributor VIP

    Posts:
    1,068
    Likes Received:
    1,882
    Theres 600,000 registered domains at epik.
    280,000 upcoming deletes (45%).
    Sounds worse than stolen domains.

    Apparently theyve been behind trenches since february so who knows what theyve had time to do/build.
     
  17. Shackleton

    Shackleton Established Member ★★★★★★★★★★

    Posts:
    204
    Likes Received:
    286
    The drop-catching companies are going to be busy with all those domains being deleted.
     
  18. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,057
    Likes Received:
    10,941
    Think about YOUR domains, not about these companies.
     
  19. DIAX

    DIAX 888

    Posts:
    629
    Likes Received:
    152
    one of the possibilities is that they switch off the notifications for renewals, so that the account owner wont see moves or anything coming from Epik.

    I am trying to recover the password, and it's not working, seems like. According to whois the 1 domain name I a have at Epik did not move though. At least out of Epik not.
     
    Last edited: Sep 18, 2021
  20. Shackleton

    Shackleton Established Member ★★★★★★★★★★

    Posts:
    204
    Likes Received:
    286
  21. biggie

    biggie GreenFriendly.com VIP ★★★★★★★★★★

    Posts:
    11,116
    Likes Received:
    13,075
    Hi

    now that, made me laugh out loud ;)

    imo...
     
  22. Kingslayer

    Kingslayer Top Contributor VIP

    Posts:
    2,111
    Likes Received:
    5,625
    That’s it. In this thread I've read a few posts from people saying people here must support Epik, no one owes Epik anything though.

    Business is business at the end of the day, Epik (and any business) act in their best interests, so you’ve got to do what’s best for you, if you are happy with Epik and if you feel your assets and personal information are safe at Epik (equally as safe as any other domain registrar), that’s great stick with them, but any doubts what so ever get out of there.

    Your domain names are potentially expensive assets at the end of the day.
     
    Last edited: Sep 18, 2021
  23. Paul

    Paul CTO, NamePros CTO VIP Gold Account

    Posts:
    2,204
    Likes Received:
    4,243
    Our biggest concern with this approach is that the email accounts may be compromised or the email domains may have dropped. It’s going to require a little more nuance than a global password reset, unfortunately.

    Were this any other industry, a global password reset might make sense, but domainers tend to use their own domains for email.
     
    Last edited: Sep 18, 2021
  24. Windoms

    Windoms Top Contributor VIP

    Posts:
    1,068
    Likes Received:
    1,882
    I have no tech knowledge all i see is legions live peaking over cantonese firewall laughing at my weak password ready to steal my 3digit cc verification code.
    Lol.

    Im not playing russian roulette with a heavily breached registrar and a fake it til you make it CEO whose hiding info.
    Nope.
     
  25. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,057
    Likes Received:
    10,941
    @Silentptnr
    "May" should be removed from the thread title, it is a fact already.
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
biix
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...