NameSilo

Epik Had A Major Breach

Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021

Replies:
1,855
Views:
97,572

  1. DN Playbook

    DN Playbook Established Member

    Posts:
    469
    Likes Received:
    584
    News media often releases breaking news almost in real time and makes the statement that the story is in development and will be updated as more details become available.

    Indeed. Strong held beliefs should never enter the business world. Rob turned Epik into a movement or a cause in his image.

    Some hackers consider themselves hacktivists. It sounds like this is the case here. The reality will come out in how the information hacked will be used. But you should change passwords on all other services you use to login as well.
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. Mister Funsky

    Mister Funsky Top Contributor VIP

    Posts:
    5,593
    Likes Received:
    21,535
    Not sure about your education or experience, but I minored in journalism. I will admit it was a while ago, but we were taught not to 'speculate' about a story...breaking or not.
     
  3. Maximinus

    Maximinus Established Member

    Posts:
    604
    Likes Received:
    2,278
    Website is running slow and there is still no answer from Epik stuff to this thread. This may only mean they are still under attack.
    I am not sure changing passwords and/or transfering domains(unlocking) is a good idea in such situation.
    Let's wait and see!
     
    Last edited: Sep 14, 2021
  4. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,886
    Likes Received:
    10,762
    A few hours ago I was in LiveChat regarding this slowness - their representative didn't confirm any known issue and just escalated my request...
     
  5. Samer

    Samer Restricted (15-30%)

    Posts:
    11,239
    Likes Received:
    21,901
    Thank you, SIR!

    Samer
     
    Last edited: Sep 14, 2021
  6. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    13,947
    Likes Received:
    26,504
    The lack of any response by Epik is troubling, even a basic update on what is going on.

    I understand if things are going on behind the scenes, but you have (37) Epik staff members on NamePros.

    A basic "We are aware of the reports and are researching the situation" or something similar is needed.

    Brad
     
    Last edited: Sep 14, 2021
  7. ecomslice

    ecomslice Top Contributor VIP

    Posts:
    1,117
    Likes Received:
    1,593
    I just changed my login and financial info very easily. No slow downs.

    Let's wait it out and see if legitimate before cancelling
     
  8. Bob Hawkes

    Bob Hawkes Top Member NameTalent VIP Gold Account Trusted Blogger

    Posts:
    7,722
    Likes Received:
    26,402
    Hopefully we will soon have some information from Epik.

    The site is slower than usual, perhaps simply because a lot of us are doing things, but fully operational it seems. I was able to get in and change my pw, remove payment means, as well as do some other things such as landers, marketplace listings, and domain transfers, without issue.

    Thank you for alerting us to the situation @Silentptnr and all who have provided information.

    While their main stated goal seems to be to damage Epik and identify those behind certain websites for political purposes, if it is true that they have what they said, it is important at the very minimum to change pw asap so domains cannot be moved (although 2FA would make that difficult I guess?)

    Bob
     
    Last edited: Sep 14, 2021
  9. Corey

    Corey GDBR. com VIP ★★★★★★★★★★

    Posts:
    15,010
    Likes Received:
    18,602
    No problem accessing the site from Australia.

    Cheers
    Corey
     
  10. johnn

    johnn WeSellName.com PRO VIP ★★★★★★★★★★

    Posts:
    17,648
    Likes Received:
    7,947
    Passwords are encrypted so hacker would not be able to see your password.
    I would not touch the account if things are still going now.
     
  11. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,886
    Likes Received:
    10,762
    Looks that all comments are prohibited for their team until official statement from Rob...
    Black day definitely...
     
  12. johnn

    johnn WeSellName.com PRO VIP ★★★★★★★★★★

    Posts:
    17,648
    Likes Received:
    7,947
    What's wrong by saying to the members and the media people "We are aware of the problems and working with security people to solve the problems"?
     
  13. Corey

    Corey GDBR. com VIP ★★★★★★★★★★

    Posts:
    15,010
    Likes Received:
    18,602
    sounds like Tall poppy syndrome to me

    Cheers
    Corey
     
  14. cbd

    cbd Top Contributor VIP Gold Account

    Posts:
    2,343
    Likes Received:
    1,270
    FWIW - I was able to successfully transfer-out some domains just now.

    Hopefully it's a false alarm. It's certainly unnerving not knowing. Thankfully I don't have a lot of domains there anymore.
     
  15. Mister Funsky

    Mister Funsky Top Contributor VIP

    Posts:
    5,593
    Likes Received:
    21,535
    As someone above said due to encryption, and add that to 2FA, there is probably not much to worry about. I've got hundreds of domains there and I'm not too concerned.

    Also, as was said above, it would likely be best not to attempt a log on...just in case. I agree that, at a minimum, an email should have been sent to account holders unless some sort of public statement was made (I can not seem to find one yet).
     
    Last edited: Sep 15, 2021
  16. WhoaDomain.com

    WhoaDomain.com WhoaDomain.com VIP Gold Account

    Posts:
    9,625
    Likes Received:
    11,194
    same but if this is all true. Our info can be used to gain access to credit card yes? Isn’t that the usual worry about a Data breach?

    Does that mean I need a new debit card?
     
  17. johnn

    johnn WeSellName.com PRO VIP ★★★★★★★★★★

    Posts:
    17,648
    Likes Received:
    7,947
    Stay tune and don't get panic:
    1. Do not access to your account unless you HAVE to
    2. If someone use you credit card then you can call to cancel and will not be liable for fraud transactions - unless you use Debit card then it will be a different story
    3. Your password is encrypted even IT people or Epik staff would not now so there is no need to change password now
    4. Wait for the official news from Epik
     
  18. Lox

    Lox _____ VIP

    Posts:
    3,783
    Likes Received:
    6,926
  19. TheBaldOne

    TheBaldOne Top Contributor VIP Gold Account ★★★★★★★★★★

    Posts:
    2,499
    Likes Received:
    1,599
    I suspect that law enforcement as well as security teams (external as well as internal) might be advising any and all moves by Epik atm - including the perceived current policy of not commenting on the matter.
     
  20. Mr Wash

    Mr Wash Upgraded Member Blue Account

    Posts:
    95
    Likes Received:
    99
    It looks like it really does include DNSSEC private keys (assuming the dump is legitimate). I had a peak at one of the files in the torrent. Prepare for potential DNS hijackers if you have any site with Epik (unless it is a very sophisticated hoax).
     
  21. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,886
    Likes Received:
    10,762
    So their infrastructure is not ready to serve even own customers?
    We are like true DDoS for Epik???

    I don't think so...
     
  22. Kingslayer

    Kingslayer Top Contributor VIP

    Posts:
    2,087
    Likes Received:
    5,513
    I don’t have an Epik account myself for various reasons, 1 of them being the potential of things like this happening with a company that generates a lot of controversy.

    I can imagine how this can be potentially worrying for people with Epik accounts and hope for everyone that it is nothing, but data protection is very serious and if there is a breach Epik should alert customers to this breach and what information is in another party’s hands by law, not dismiss it (article that @Lox posted).

    All countries have adequate data protection laws, but I know GDPR is very strict on it:-

    https://gdpr-info.eu/art-33-gdpr/
     
    Last edited: Sep 15, 2021
  23. topdom

    topdom Top Contributor VIP

    Posts:
    1,665
    Likes Received:
    1,401
    This attack might be coming from inside, or it may be deeper than what most people think.
     
    Last edited: Sep 15, 2021
  24. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    13,947
    Likes Received:
    26,504
    This is not the way to handle a potential crisis. The complete lack of updates in 10+ hours just creates a further crisis in confidence.

    Far be it from me to tell Epik how to run their business, but I don't think radio silence is a good look.

    Brad
     
  25. NickB

    NickB it's a mystery VIP

    Posts:
    5,542
    Likes Received:
    13,277
    Here in the UK a company would need to report it to the ICO within 72 hours and would need to inform their customers - not sure what they have to do in the U.S - are they legally required to notify anybody, including customers?
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
biix
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...