NameSilo

Epik Had A Major Breach

Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021

Replies:
3,632
Views:
194,085

  1. MasterOfMyDomains

    MasterOfMyDomains Top Contributor VIP ★★★★★★★★★★

    Posts:
    5,151
    Likes Received:
    5,841
    You can transfer back to losing registrar anytime, within 60 days or is it 45?. Correct me if i am wrong. Thanks for the reassuring words rob, looking forward to official email this evening, and some facts. Did you hire joey to razz that lady?
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. labrocca

    labrocca Top Contributor VIP ★★★★★★★★★★

    Posts:
    6,437
    Likes Received:
    470
    I've been in Rob's shoes before. My user table on a few hundred thousand members was breached and downloaded. A full password reset might be necessary but you should only do that AFTER you are 100% sure of what happened and have secured the site. Worse thing to do is PW resets then find out that you are breached again. As long as the PW's are salted and of certain difficulty they will mostly be hard to break. As a standard everyone should use 12 characters min (upper, lower, digits, and special chars).

    I'm gonna assume they are going nuts securing everything and making the changes needed. Has anyone yet lost a domain? If not, then don't panic. This imho will make Epik stronger. When you start off it's not always easy to know how big you'll get and what security measures you will need. People think it's just a few button clicks for security. You have to code all this crap. Their Federatated single-login feature was probably a bitch to integrate.

    https://domainnamestat.com/statistics/registrar/Epik_Inc_-IANA_ID-617

    That's alarming because it's possible they sent delete notices to ICANN for those domains. I've checked my own domains. None show as PendingDelete.

    I would think ICANN and the registries would work with Epik to fix any mass domain theft or deletion. It's not like they can't do that.

    I doubt Rob is "hiding". My guess is that he has hands full. Is probably on tilt a bit over this too. I know exactly what he is going through. It's not a comfortable moment. He has people posting from Epik. And I am sure he wants to wait till he has everything secure and all the information possible before making statements. He can't come here and be like "we're working on it, we're not sure, we don't think so" because he would just get attacked and we'd see more panic.

    The situation imho can take 7-15 days to absolutely fix. And you don't waste time on a forum. You work as fast as you can because your business is at stake.

    There has been much worse breaches. Example is Equifax. Again, no one is reporting lost domains. Your credit card data being exposed isn't abnormal. By now everyone I know has at one point or another had their CC stolen. Figure out what's at Epik and report it lost if you so worried. For free your credit card company will replace it. You lose nothing but maybe a bit of hassle.

    btw, stuff like this is why blockchain based domain registration make a lot of sense.

    I really feel bad for the guy. I respect that he rubs people the wrong way with his religious beliefs. But show some tolerance. People are okay being nice to a guy wearing a dress more than wearing a cross.

    imho, you don't allow any domains out unless manually reviewed and you disallow any domain deletions. I think domainers can hold off on sales until their portfolios are secure.

    Guys, Epik allows crypto. Suggest if you don't use crypto yet, you begin now.

    And to the comment that Epik is liable. You have to prove damages. Most of the legal requirements from a company in a breach are to inform the public. Typically they get into trouble by trying to keep it secret. And credit monitoring is mostly free to people now via their CC company or bank.

    Epik will be fine imho. Some damage will happen but Rob is tough, he'll stick it out. I ain't moving a single domain.
     
  3. br1ll1on

    br1ll1on Established Member

    Posts:
    198
    Likes Received:
    211
    I get not saying much to avoid giving away your hands to possible lurkers but something like "Engineers are working very hard to audit and secure all facets." earlier wouldn't hurt
    Wishing you the possible best.
     
  4. Finest

    Finest Top Contributor VIP

    Posts:
    2,519
    Likes Received:
    2,039
  5. YairDD

    YairDD I'm cool, I think? VIP

    Posts:
    1,410
    Likes Received:
    3,989
    Probably the end of Epik. No one is gonna trust the security of the site anymore
     
  6. TravisW

    TravisW Established Member ★★★★★★★★★★

    Posts:
    18
    Likes Received:
    21
    This should have been the first email they sent. The lack of clear communication up until this point has done damage and caused a loss of trust.
     
    Last edited: Sep 19, 2021
  7. Chris Hydrick

    Chris Hydrick Account Closed (Requested) VIP

    Posts:
    6,304
    Likes Received:
    9,805
    I received the same email.

    A+ to whomever wrote this email.

    I wouldn't be so sure...

    Didn't @Rob Monster mention (in the journalist video conference) something about Epik receiving some $28million in funding recently? Is it unreasonable to think they aren't done raising capital as freedom of internet speech seems to be a hot topic these days, and epik just so happens to find themselves at the shadowy forefront of this societal battle.

    Over the last few years epik has seemingly been able to expand their customer base, and AUM, despite sustaining a far right neo nazi loving wikipedia label. And as mentioned in Troy Hunt talks about Epik from 27:23 to 43:30, Troy accurately asserts that not everyone/everything connected to epik are far right neo nazi lovers, thus that wiki over-generalization is to be taken with a grain of salt, rather than a Hollywood headline.

    Assuming that epik can make it through this legally unscathed, this security breach, if properly rectified (to include epiks allegedly broken/ignored bug bounty department) could fall into the category of what doesn't put epik out of business, only makes epik stronger. and more experienced.

    It also seems, maybe only temporarily and/or secluded to their last urgent security breach email, that epik is toning down the marketing fluff / divisive pillow rhetoric, and directing that attention to their outdated tech/code, which may in turn inspire a new ground up rebuild. As it stands, epik is eerily similar to a professional pillow talker, and now with the recent bad press of epiks pillow quality being in question, maybe epik will finally direct their pillowing attention away from professional pillow talk, and transition back to innovating needed pillow technology.
     
    Last edited: Sep 19, 2021
  8. Jv1999

    Jv1999 Wander Aimlessly: Redeemed Knight of the Exo-Tower VIP

    Posts:
    3,094
    Likes Received:
    3,169
    Everyne was out for blood...

    Last time Rob commented on a forum thread attacking him, he only self-slaughtered. I'm glad this time around, he kinda just laid back and made sure what actually mattered was taken care of -- security. Then he posted and it wasn't out of heat of passion or anything -- he simply gave an update. Good on Rob


    I lean towards non-alt-right, so I don't agree with Epik harboring sites that have a dangerous call to action, like with Gab and that KKK forum that was banned from Google.

    I also don't agree when Rob linked the NZ massacre on Twitter!

    But I admit that Epik and Rob are probably one of the most top notch registrars in terms of like security and innovation.

    Everyone mostly went off the rails and said all hell was breaking loose and everything was leaked in plaintext and AUTH CODES and whatnot... but the truth is -- no one has lost a domain. No one lost access to their accounts. No one's pw was compromised (i think)

    Because Rob said they most likely hacked some legacy Epik system that's no longer holding valuable info.

    There wasn't even a system downtime tbh. Everything ran smoothly as though the hack never happened.

    It was basically a smear campaign. Thta's what I think... I hope more updates into the situation are released soon... but I mean I received both Epik emails, the last one saying none of my stuff was compromised.
     
  9. Chris Hydrick

    Chris Hydrick Account Closed (Requested) VIP

    Posts:
    6,304
    Likes Received:
    9,805
    The problem with being crazy is crazy people do crazy things. Case in point, I've been transferring domains to epik all week, despite the breach.

    Simply because for the most part epik as a registrar works/has worked without much issue, and when an issue arises, there are generally less hoops to jump through to get an epik resolution than there are at other registrars. Not to mention epik's pricing is right most of the time, and thus, seemingly a practical solution for holding domains; even though they could do better in areas such as redemptions and warehousing practices. Oh, and apparently they could be better in the safeguarding/hashing of user data.

    To me, the politics is similar to chick-fil-a drama. Chick-fil-a/epik was not their highest self, and mistakenly mixed politics with chicken. Then suddenly, it became "uncool" to eat at chick-fil-a despite them having the best chicken and legendary customer service. Seemingly, to an extent chick-fil-a, has taken steps to address their judgmental shortcomings, and get back to being in the chicken business. Either that, or they put something highly addictive in their sauces, because it's hard to stay away from an evil company that makes chicken that freakin delicious.

    It is my hopes that epik steps away from the propaganda business and gets back into the chicken domain business. Perhaps epik will finally drop their infectious pillow talking VP, to better direct that reputation draining mouthpiece's salary, into a legendary bug bounty program or to hire a more capable engineer(s).

    I'd also like to point out that epik's single greatest loss (possibly an even greater loss than the data) was likely the resignation of @Slanted. No matter how good the ship, or how well dressed the captain appears, never underestimate the value of a hard working first mate. It seems @Slanted was the glue that held epik together during their greatest company growth period, and since his departure epik has seemingly been more about curating their pillow talking process (perhaps a strategic capital raising technique?), rather than further developing their inherited intrust code or expanding agnostic business relationships. eg wasting time/energy picking fights/destroying relationships with dan, paypal, godaddy, escrow, etc. All communication mistakes that no doubt would have been handled infinitely better with a competent executive such as @Slanted close to the helm.
     
    Last edited: Sep 19, 2021
  10. Truespin Domains

    Truespin Domains Top Contributor VIP

    Posts:
    1,784
    Likes Received:
    1,357
    I fundamentally disagree with Rob on almost all his personal views and doubt we'd get on, but I am with him on his protection of free speech and people's right to be provocative - provided they are not inciting crime. I also sense he would defend these rights for all groups, not just the ones he supports.

    I also think Epik has tried to move the domain industry forward. I hope they survive.
     
    Last edited: Sep 19, 2021
  11. Chris Hydrick

    Chris Hydrick Account Closed (Requested) VIP

    Posts:
    6,304
    Likes Received:
    9,805
    Has <@Braden Pollock> or any other epik board member / executive / investor made any comment on this instance yet?

    << fictitiously and jokingly tagging @VladimerPutin @MikeLindell @CarrotTop >>
     
    Last edited: Sep 19, 2021
  12. freety85

    freety85 Established Member

    Posts:
    340
    Likes Received:
    1,760
    I only have a few names with Epik since no PayPal option on payments. They have some good ideas and I like various things from their approach. Hope this breach would not affect dangerously user data. Quickly removed my CC details and changed password, but never know...

    I wish they take care of these intruders and the below statement would be true

    IMG_20210919_085950.jpg
     
  13. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,467
    Likes Received:
    4,426
    To any registrar and anytime (com/net). Within 60 days - if and only if the current registrar so allows. In current situation, Epik should make a decision NOT to prevent such transfers imo... There is no winning love by force.
     
    Last edited: Sep 19, 2021
  14. seidimuhe

    seidimuhe New Member

    Posts:
    11
    Likes Received:
    24
    I firmly believe the legendary Epik team will handle the technical issues. Let's show our support to our #epik on social medias.

    Please let me know if there's any other positive # about Epik which is already trending.

    Forever Epik. ✊
     
    Last edited: Sep 19, 2021
  15. Atone

    Atone Established Member

    Posts:
    601
    Likes Received:
    1,370
    Fck epik and Mr monster very slow , lack of communication and so on get God to fix your problems or should that have already happened none believer here signing off. Jump on board Samer .
     
  16. tasaki25

    tasaki25 Restricted (Market)

    Posts:
    862
    Likes Received:
    801
    One question, cards that used in past but was not stored was leaked ?
    Cards that were stored in past but deleted after some time were leaked ?
    Does leak include only cards that was stored at the moment to the hack ?

    Is there any information about when leak started ?
    Is leak uploaded somewhere in public ?
    I hope that everything will be ok.
    Regards
     
  17. Beezy

    Beezy Top Contributor VIP

    Posts:
    6,384
    Likes Received:
    2,321
    Thank you to OP @Silentptnr and users like @Jurgen Wolf for staying on this, and actually getting this company to step up and write an email to their customers on a Saturday night.

    It only took 30 pages and customers begging.
     
  18. emile123

    emile123 Established Member

    Posts:
    213
    Likes Received:
    145
    I received the securiry warning from Epik yesterday.
    What I don't understand is that Epik only advises you to do, is to inform your creditcard company about this.

    What Epik forgets to advise:
    CHANGE YOUR EPIK PASSWORD IMMEDIATELY!

    If hackers have access to your username and password, thats the first thing you need to change.
    That Epik forgets to advise you to change your pasword is an epic fail in communication.


     
    Last edited: Sep 19, 2021
  19. Beezy

    Beezy Top Contributor VIP

    Posts:
    6,384
    Likes Received:
    2,321
    Legendary MARKETING team, yes.

    Technical team looks straight doo-doo.
     
  20. br1ll1on

    br1ll1on Established Member

    Posts:
    198
    Likes Received:
    211
    I believe 60days rules was imposed by ICANN, and if a registrar lets you move yours with that 60days they are breaking the rule
     
  21. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,131
    Likes Received:
    11,038
    Yes, public torrent is available...
    + hackers have this entire and uncensored DB backup as of Feb'28/March'1.

    Replace your CC and also don't store it in Epik account, change credentials and enable 2FA.
    Hard minimum what you must do.
     
    Last edited: Sep 19, 2021
  22. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,467
    Likes Received:
    4,426
    Last edited: Sep 19, 2021
  23. johnn

    johnn WeSellName.com PRO VIP ★★★★★★★★★★

    Posts:
    17,856
    Likes Received:
    8,330
    When you are buying/selling domain names, you are running a business and should not fall in love with a person or company.
    Staying with a damaged company will limit your ability to sell to a bigger market as many sellers will stay away from them.
    Also remember this hacking is not a random hacking but targeted hacking due to political views from the company.
    The company has records of supporting many political groups in the past so there is no warranty that this is the only incident.
    Don't put all your eggs in one basket and make sure you make a right/smart business decision.
    If you are still in love with the man then you should settle that private matter in a bedroom.
    Going against the odds will not prove anything.
     
    Last edited: Sep 19, 2021
  24. kite26

    kite26 Fearless Bird VIP

    Posts:
    6,168
    Likes Received:
    5,883
    I will expand your (right) thoughts. The real target of those who did that is to eliminate the ''workers'' from the ''believers''. Anyone who stay, will be in the same political direction with the registrar. It simply means that they may potentially be their next target. I hope i am wrong.
     
    Last edited: Sep 19, 2021
  25. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,131
    Likes Received:
    11,038
    In other words, don't deal with toxic parties and be happy.
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
biix
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...