Epik Had A Major Breach

I think that's quite an assumption that they'll be able to prevent something like this (or worse) from happening again. Perhaps they can "plug the hole", but the infiltrators (and/or copycats) will likely be emboldened by success, the media coverage, and the applause they're getting from a lot of folks (just read the comments on Ars, for example).

Let's imagine that perhaps the goal this time was simply to embarrass Epik and destroy a lot of folks' trust in them.
Let's imagine that customers' financial data wasn't leaked this time around, perhaps domains weren't stolen (yet) this time around.
Who's to say the next attack won't have more of a financial objective (such as domain theft, cc theft, identity theft, ransomware)?

(To be clear: I personally don't know the extent of the damage that's been done, or will be done as the data is spread around the net, sold or otherwise makes its way into the hands of various parties, etc)

Will a second attack even be necessary for this to get a lot worse for folks whose sensitive data may now be "out there" already?

Sooo many questions... it's unbelievable to me that people are doubling down before even seeking answers. Do people seriously value their domains/finances so little? Do these folks not realize that there are now going to be a LOT less people willing to set up an account at Epik? I would advise that anyone who's hoping to sell their domains do a simple Google search for "Epik" and see what potential customers will be seeing. It's not very reassuring.

The reality is that virtually ANY website on the internet can be hacked. Why bother stoking the fires of fear without even knowing the specific details of the breach?

Are we really that "shocked" that one of the most tyrannical, agenda-laden, fascist corporations on the planet (google) isn't hesitating to feature news articles from leftist rags that depict Epik in a bad light the first chance they get? That merely underscores what's at stake here and the motivations for this attack. Many people can see past the absurd headlines attempting to smear Rob. "Far right this, far right that". Truth is, many people are DONE with the baseless labeling and weak, ideological smears.

If people want to transfer their domains over to Epik, they're more than welcome to. Most of these transfers are likely just sending a signal of solidarity, and rightly so. It may come as a shock to many here (based on so many clueless comments that I regularly see on here and on other industry blogs) but there are more important things in life than just money and appreciating assets.

There are some things in life that are actually worth fighting and standing up for. I've said it before, and I will say it again: people should be outraged and terrified by the motivations of the hack.
 
This thread went to sh^t pretty quickly - why someone didn't start another one to discuss/argue the pros and cons of Epik, Rob, Alt Right, Liberalism etc etc and let this one be about the matter in hand is baffling.......

It's been mentioned a few times - can we just let this thread be about updates on the hack and keep the rest out of it?
 
Please stop with the politics. So boring.

Nah this is a political attack, if it bores you there is an IGNORE button you are welcome to click anytime. Domain names are the final attack vector they can't shut down, they've successfully done so with hosting through AWS for example, but domains are practically untouchable. Which is why they matter so much and why they have to focus on registrars to try to affect their operations.

Domains are indeed politically neutral, a big reason why the left is so unhinged on trying to shut them down politically. There is nothing more powerful than a domain, their desperation is blatantly obvious.

I'm sorry, but this week's events dispute that claim.

The hack appears to have taken place off-site, meaning none of the Epik services were actually breached. I worked there for almost two years and I know what it takes to access that backend. This has much bigger implications than what a single team would be responsible for, it likely involves a major company that is also politically inclined to the hardcore-left and they were the ones compromised. How? Who knows. Hopefully we find out so we can all pivot.



Blah Blah Blah.

Left, Right, Center it doesn't matter. Epik just like any other company is tasked with protecting sensitive data.

From all reports, in this case they seem to have failed. That has nothing to do with politics.

Additionally, allegedly storing much of this information in plain text? Come on.

Epik, and anyone associated with Epik, needs to address the actual concerns regarding the disastrous data breach, instead of trying to turn it into some political bullshit.

Brad

Brad, you're ignoring the substance of the attack. This is entirely political. The plain text stuff is not something I'm qualified to judge, but if you think the politics is "blah blah blah" then you're missing the point. Division is driving this attack and Epik has been singled out for a very long time for being willing to stand up for the right. It is a problem everyone from the center to the right faces worldwide. This includes libertarians, voluntaryists, and centrists.

Like I said, I'm not speaking as an Epik employee (haven't been since early July), simply as someone who has been on the receiving end of hate and prosecution for not being a left-winger. The entire argument falls apart when you realize most of us are not even right-wing, we are libertarian and freedom-loving individuals willing to defend the rights of all parties who wish to transact with us. If that doesn't concern you, then you still haven't been faced with the possibility of you yourself being attacked for not agreeing entirely with the agenda at hand.

I'm sure the team is going to review all attack vectors and revert to a safer procedure. Like I said, this only made Epik stronger and more self-aware. At least that is my perspective from the outside. We all have a vested interest in making Epik stronger, if one registrar falls for hosting a certain type of political content, no registrar is safe and the entire idea of a domain name being a strong citadel against political neanderthalism will be erased.

Anyway, back to work! Good talking to you all.
 
Some credit cards offer a virtual / one time credit card number that ties to your account. You use it once and then it's no longer any good. You might want to see if any of your cards offer it.

This is the approach I tend to use. Just be careful to avoid developing a false sense of security if you go that route; you still need to monitor for suspicious charges and rotate out the numbers if they're compromised.


READING NOW:

https://techcrunch.com/2021/09/17/epik-website-bug-hacked

Web host Epik was warned of critical security flaw weeks before it was hacked.

Notable:

Security researcher Corben Leo contacted Epik’s chief executive Monster over LinkedIn in January about a security vulnerability on the web host’s website. [...] LinkedIn showed Monster had read the message but did not respond.

Monster confirmed he received Leo’s message on LinkedIn, but did not answer our questions about the breach or say when the vulnerability was patched. “We get bounty hunters pitching their services. I probably just thought it was one of those,” said Monster. “I am not sure if I actioned it. Do you answer all your LinkedIn spams?”

That's strike two. I had a similar experience in which Rob didn't respond when I reported a vulnerability, despite him being the one to initiate communication. The LinkedIn spam excuse certainly doesn't apply there.

I prefer to assume good faith, but my supply of optimism is quickly depleting.
 
NamePros observed a credential stuffing attack beginning around 7:59 PM EDT (UTC-4). On-call NamePros staff were paged around 8:01 PM EDT. I responded. I reviewed recent logins and manually flagged two as suspicious, which logged the users out and forced a password reset. The users will be notified of the reason upon resetting their passwords. The majority of the login attempts were blocked when our system detected an unusual number of failed login attempts and began captcha'ing all logins.

As a precaution, I manually enabled Cloudflare captchas for all logins instead of the usual captchas to ensure that nothing slips through the cracks. We plan to keep it enabled overnight.

At least some of the usernames attempted appear to be in the Epik breach, although that could easily be a coincidence--it's a small industry, after all. The attacker is one we've seen before, and we don't believe they have any affiliation with the Epik breach, though it's certainly possible they've added that data to their list of usernames and passwords.

The attack does not appear to have been successful. The attacker appears to have grown frustrated and attempted to register a new account when they weren't able to compromise existing accounts. The new account was flagged for review and closed.

We're still assessing the situation and trying to determine the best way to secure accounts that appear in the Epik breach. We don't have definitive plans yet.
 
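The response described in the post above (site-wide failure counter that switches on captchas, flagging of successful logins from a spraying source for a forced password reset, and review of a registration attempt from that source), as an added example that is not NamePros' code. The log line format, thresholds, TEST-NET addresses and usernames are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed log format (an assumption, not NamePros' real log schema):
#   <ISO-8601 UTC ts> LOGIN user=<name> ip=<addr> result=ok|fail
#   <ISO-8601 UTC ts> REGISTER user=<name> ip=<addr>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN|REGISTER) user=(?P<user>\S+) ip=(?P<ip>\S+)"
    r"(?: result=(?P<result>ok|fail))?$"
)

FAIL_WINDOW = timedelta(minutes=5)  # sliding window for the site-wide failure counter
FAIL_THRESHOLD = 20                 # failures in the window -> captcha every login
PER_IP_THRESHOLD = 5                # distinct usernames failing from one IP -> attacker


def parse_line(line):
    """Parse one constructed log line into a dict with a timezone-aware timestamp."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def analyse(lines):
    """Replay log lines in time order and return the defensive actions that result."""
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    recent_fails = deque()                 # timestamps of failures inside FAIL_WINDOW
    users_failed_by_ip = defaultdict(set)  # ip -> distinct usernames that failed from it
    attacker_ips = set()
    captcha_from = None                    # when "captcha all logins" mode was switched on
    actions = []
    for ev in events:
        ts = ev["ts"]
        while recent_fails and ts - recent_fails[0] > FAIL_WINDOW:
            recent_fails.popleft()
        if ev["event"] == "LOGIN" and ev["result"] == "fail":
            recent_fails.append(ts)
            users_failed_by_ip[ev["ip"]].add(ev["user"])
            # Many different usernames failing from one source is the stuffing signature.
            if len(users_failed_by_ip[ev["ip"]]) >= PER_IP_THRESHOLD:
                attacker_ips.add(ev["ip"])
            if captcha_from is None and len(recent_fails) >= FAIL_THRESHOLD:
                captcha_from = ts
        elif ev["event"] == "LOGIN":
            # A success from a source already spraying credentials is a likely
            # compromise: log the user out and force a password reset.
            if ev["ip"] in attacker_ips:
                actions.append(("force_password_reset", ev["user"], ev["ip"]))
        elif ev["ip"] in attacker_ips:
            # A registration from an attacking source goes to manual review.
            actions.append(("review_registration", ev["user"], ev["ip"]))
    return {"captcha_from": captcha_from, "attacker_ips": sorted(attacker_ips), "actions": actions}


# Constructed sample: 25 sprayed usernames from one TEST-NET address starting at
# 23:59:00Z (7:59 PM EDT), then two successes from it, one legitimate login from
# elsewhere, and a registration attempt from the attacking address.
ATTACKER = "203.0.113.7"
SAMPLE_LOG = [
    f"2021-09-17T23:59:{i:02d}Z LOGIN user=user{i:02d} ip={ATTACKER} result=fail"
    for i in range(25)
] + [
    f"2021-09-17T23:59:30Z LOGIN user=user30 ip={ATTACKER} result=ok",
    f"2021-09-17T23:59:31Z LOGIN user=user31 ip={ATTACKER} result=ok",
    "2021-09-17T23:59:32Z LOGIN user=alice ip=198.51.100.4 result=ok",
    f"2021-09-17T23:59:40Z REGISTER user=newguy ip={ATTACKER}",
]

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The per-IP set never expires in this sketch; a production version would age it out like the site-wide counter.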
I've been in Rob's shoes before. My user table of a few hundred thousand members was breached and downloaded. A full password reset might be necessary but you should only do that AFTER you are 100% sure of what happened and have secured the site. Worst thing to do is PW resets then find out that you are breached again. As long as the PWs are salted and of certain difficulty they will mostly be hard to break. As a standard everyone should use 12 characters min (upper, lower, digits, and special chars).

I'm gonna assume they are going nuts securing everything and making the changes needed. Has anyone yet lost a domain? If not, then don't panic. This imho will make Epik stronger. When you start off it's not always easy to know how big you'll get and what security measures you will need. People think it's just a few button clicks for security. You have to code all this crap. Their Federated single-login feature was probably a bitch to integrate.

https://domainnamestat.com/statistics/registrar/Epik_Inc_-IANA_ID-617

That's alarming because it's possible they sent delete notices to ICANN for those domains. I've checked my own domains. None show as PendingDelete.

I would think ICANN and the registries would work with Epik to fix any mass domain theft or deletion. It's not like they can't do that.

I doubt Rob is "hiding". My guess is that he has his hands full. Is probably on tilt a bit over this too. I know exactly what he is going through. It's not a comfortable moment. He has people posting from Epik. And I am sure he wants to wait till he has everything secure and all the information possible before making statements. He can't come here and be like "we're working on it, we're not sure, we don't think so" because he would just get attacked and we'd see more panic.

The situation imho can take 7-15 days to absolutely fix. And you don't waste time on a forum. You work as fast as you can because your business is at stake.

Overreacting? To what appears to be one of the most complete data breaches?

There have been much worse breaches. Example is Equifax. Again, no one is reporting lost domains. Your credit card data being exposed isn't abnormal. By now everyone I know has at one point or another had their CC stolen. Figure out what's at Epik and report it lost if you're so worried. For free your credit card company will replace it. You lose nothing but maybe a bit of hassle.

btw, stuff like this is why blockchain based domain registration makes a lot of sense.

I really feel bad for the guy. I respect that he rubs people the wrong way with his religious beliefs. But show some tolerance. People are okay being nice to a guy wearing a dress more than wearing a cross.

imho, you don't allow any domains out unless manually reviewed and you disallow any domain deletions. I think domainers can hold off on sales until their portfolios are secure.

Guys, Epik allows crypto. Suggest if you don't use crypto yet, you begin now.

And to the comment that Epik is liable. You have to prove damages. Most of the legal requirements from a company in a breach are to inform the public. Typically they get into trouble by trying to keep it secret. And credit monitoring is mostly free to people now via their CC company or bank.

Epik will be fine imho. Some damage will happen but Rob is tough, he'll stick it out. I ain't moving a single domain.
 
Anyone who stays will be in the same political direction as the registrar.
Important observation: a lot of customers, especially non-U.S. based ones, have no interest in U.S. politics at all. Not only this, they do not care about differences between let's say East Coast and West Coast, Weinstein and Epstein, Republicans and Democrats...
Which is why an IT company, especially if it is providing services worldwide, should simply stop mixing business and politics...
 
The last email from Epik ("Update and Options for Affected Epik Users", dated Sep 20th) appears to be written by a lawyer. Which is a good sign - no politics, no religion. It is unfortunate that the lawyer is so US-centric that (s)he forgot about non-U.S. Epik customers. With all due respect, non-U.S. customers are unable to call U.S. toll-free 800 numbers, and all the references to "free credit monitoring", "Federal Trade Commission" and the like are irrelevant outside the U.S...
 
That's pretty ironic coming from someone who attacked me for saying some mean things about a company that lied to their customers for a decade about how secure their stuff was.

NamePros members are usually very welcoming to new members, although when you jump in in the middle of a thread like this you might not see the friendly side of things.

At some level a lot of domainers consider Rob to be a friend for the simple fact that in the past he has gone out of his way to personally help them with their domain names and as such I don't think that there are many people here that believe that Rob intentionally has tried to deceive them.

In a way Rob has been a victim of his own high ambitions which caused him to use some substandard means to expand his company and to make it more popular.

Although Rob has somehow been involved with some AltRight groups for the sake of protecting their right of Free Speech, he has also been very tolerant and accommodating to many others who in some cases have had opposing views.

As a Human Rights and Environmental intellectual and activist I myself have been a pain in the neck for Rob on many occasions, but that didn't stop him from helping me with some of my domains that had expired by renewing them and letting me pay for them a few months later, which I did.

There is a bond amongst domainers here that transcends politics, religion, race, and national origins and so it should be understandable that a lot of domainers think of Rob as a friend and are protective of him. I assume that they do the same thing for any other member here that might get in trouble.

Aside from the lapses in judgment concerning security, Rob has always tried his best to stand for Free Speech and some of us here made sure that he kept on the right track. Perhaps it was protecting everyone's Freedom of Speech that has gotten him in trouble now.

https://www.namepros.com/threads/do...se-whose-opinion-is-of-no-consequence.1202601


IMO
 
Fellas, maybe going in circles forever would be better in a different thread 😜

I'm sure there are still a lot of people just learning about the Original Topic, and it's already gonna be a nightmare digging through so many pages for relevant info. Most simply won't do it.

I think at a certain point it would be far more useful to have a succinct thread of facts without all the discussion.

Right now people mostly just need pertinent advice about what they need to do to secure their account, what passwords need changed, what financial details may be floating around out there now, etc.

There's already several long threads about the pros/cons/discussion of Epik & R.M.
 
Dear Paul,

This is a note written to your highest self.

First of all, I want to acknowledge that NamePros as a community is fundamentally a force for good where industry participants have an opportunity to learn from each other and overcome challenges as they arise. I am thankful that it exists.

My reason for acquiring DNF earlier this year was not because I want to be in the forum business. I don’t. Rather it was because of what I observed to be a systematic anti-Epik bias. This troubled me and the situation at NP did not improve.

As for the most recent hack incident, we are certainly learning from it. You likely heard that we secured significant investment funding. We have not announced the full extent of the hiring and acquisitions but suffice it to say, we have been upgrading.

Already before this investment, Epik was moving swiftly to bring new innovations to the industry. Although we are not without our blind spots or shortcomings, the progress of maturing as a company was well under way.

The hack incident is relatively understood. We know who did it, how they did it, and when they did it. We also have a pretty good idea of why they did it and for whose benefit.

As I review the latest NP thread, what I find most troubling is that you are actively participating in what looks to be a concerted effort to defame and undermine Epik. In all sincerity, and in the spirit of “love thy neighbor”, this is not a good look for you.

Your name is Paul — the namesake of the man who was once Saul of Tarsus. Whoever named you likely had some awareness of Paul. It is a Biblical name. As Bible characters go, Paul is a personal favorite as he embodies the optimistic view on man’s journey.

So, why am I telling you this? Because the choices you are making will have consequences.

Epik will not perish. Our compliance team is following best practices. Our insurance coverage is ample. Our team is solid. Our domains under management continues to grow. And lastly, and most importantly, because God is on the throne.

My encouragement to you is to view your current actions and choices through an eternal lens. If souls are eternal, as I am quite sure they are, then even a $1 million “Epik Fail” bounty would not be worth it if it factored materially in your eternal path.

Finally, as I believe there are many folks who are likely damning themselves with false testimony, I would encourage a time slot that allows forum thread commenters the opportunity to go back and redact any false testimony before it is memorialized for consequence.

Regards,
Rob

Edit:

My reply:
Have I made any incorrect statements of fact? If so, please enumerate them.

His response:
Paul,

This was not a legal letter. Perhaps you have decided to make it one but please know that the note I wrote was written to your eternal soul.

Regards,
Rob
 
I'd just like to make a comment about the way this forum is run if I may.

I'm very impressed by the way this thread has been handled, it has been very fair, balanced and well-moderated. Kudos to the owners, it's nice to see, well done!

We're all learning something here and it's very helpful, thank you.
 
I've been domaining for over 15 years, and I've never heard people judge a registrar by its clients, because domain names aren't content.

There are a number of entities which keep track of registrars which have a disproportionate incidence of things in which the entity has an interest. Without either endorsing or criticizing any particular of these "watchdog" type outfits, you can find registrar rankings by, say LegitScript in relation to what they perceive as rogue pharmacies, Spamhaus keeps a "top ten" list of registrars that are used by spammers:

https://www.spamhaus.org/statistics/registrars/

etc.. Spamhaus uses a "badness index" that is normalized to domains under management. Certainly, if you are doing numeric compilations, you would expect GoDaddy to have the highest raw score of (insert "bad thing" here). But if GoDaddy has 10 "bad thing" names to Registrar X's 1 "bad thing" name, but GoDaddy has 100 more domains than Registrar X, then Registrar X has a higher incidence of that "bad thing".

Everyone in the industry keeps something of a running ledger of "what domain registrars are most likely to be utilized by domain thieves". I personally have noticed that I get regular SMS phishing messages using .info domain names which follow a pattern and are remarkably and consistently registered with one registrar.

Over the long term, if a registrar is attracting a disproportionate share of pathological customers, then there can be instability issues. One notorious registrar was disaccredited by ICANN a while back (they may be still arguing in court after a default), so any legitimate customers of theirs were adversely impacted by the large volume of abuse upon which they didn't act. But those also involve narrowly defined consensus categories of abuse.

So, registrar responsiveness to certain types of abusive registrants, as ranked by whomever you might trust on things like spam, phishing, child abuse imagery, etc., is worth taking into account in selecting a registrar.
 
My experience with Epik in the last months has been nothing but terrible.

1. All my phone numbers, emails, domains, addresses, transactions, and old passport data were included in the torrent file and the data breach. Since that time I receive phishing emails and phishing SMS all the time.

2. I updated all my passwords and 2FA codes after this breach. But at the same time, they obviously changed their login page from epik com to federatedidentity com. And somehow I have only the 2FA codes for logging in via epik com now but not the federatedidentity com 2FA. Obviously I made the mistake of thinking that these codes are the same or that you can still log in via epik com with the old 2FA which I generated there. And at the same time, it seems that Epik completely removed the old login page. Before you were able to decide.

3. I contacted support and explained my problem. They mention an account PIN that was not even created by me. Of course I don't know such a PIN which is stored somewhere in my profile obviously without notice. So I try to find a way back into my account. I mention that I can still use my phone number for their sms login or the old epik com login 2FA.

4. They demand that I upload my new passport. I tell them that I won't upload any such documents anymore after the fact that they are responsible for the situation that all my sensitive data is published online. Instead, I offer them to share the document with them in a Dropbox link for one-time view and tell them that I don't give them permission to store any of my identity documents permanently.

5. And what do they do? They tell me that they don't give me access to my account. This company has become completely ridiculous. No SORRY nothing about the shit they have done. I won't upload anything and I don't give you permission to store any identity documents and if you do so, then I will take legal actions. Basta!

Thank you for this mess Epik. First allowing hackers to easily decrypt all data by employing wannabe security specialists who don't know what encryption algorithms aren't secure anymore in 2021. And then for the fantastic communication and having two different logins, and then removing one login etc. That's completely crazy.
 
Sounds like tall poppy syndrome to me

Cheers
Corey

It's an obvious attack on freedom of speech under the guise of attacking "fascism". This is no different than antifa attacking or harassing innocent people. This attack should terrify everyone. It's all fun and games for many people who are criticizing Epik until their own ideology is threatened. Ideally, politics has zero basis in business, but that isn't human nature.

I have nothing against Rob but the big mistake that he made was mixing between business and politic.

Remind me how GoDaddy isn't political? Remind me how other corporations, including GoDaddy, are not subjecting their customers to divisionist race baiting tactics in their daily mailouts and on every other social media post? Virtually everything is political in today's times. Rob's vocal support for freedom of speech is a direct response to the ones who don't wish for it to exist. That's a distinct difference from attempting to coerce people into an ideology by force.

This attack might be coming from inside, or it may be deeper than what most people think.

Indeed. This is a strategy to have the majority of the population left with few options but to use companies who only support woke, leftist ideology. This is pure coercion and manipulation. If the fix is in (and it seems to be) we can expect to see more and more leftist groups routinely attacking right leaning groups who for the most part, simply want to be left alone. Sadly, customers will tolerate leftist propaganda endlessly, as long as they're told that their "domains" and bank accounts are "safe".

If that turns out to be true, I'll never use Epik again.

And that was precisely the intention of the hackers.

This should be changed definitely.
It sounds like a provocation, for hackers as well.

Anything can be hacked. Unfortunately, if you happen to be vocal about civil liberties and openly stand for free speech, you're a prime target these days. It's the motivation for the attack that people should be outraged about. But I digress. People will get the society that they truly deserve. You can't say we haven't had countless red flags regarding the direction all of this is heading towards.
 
Thanks @Rob Monster for the update.
Epik is my Number 1 Registrar, due to the First Class customer service & price.
#LoveYourWork.

Cheers
Corey

Thanks. Appreciate the support.

It has been all-hands on deck all week with many staff working through the night

Stay well and God bless.
 
I'm not going to link to the tweet, for security purposes. But I'm seeing a tweet with sensitive info and I recognized the email as a NPer, so I've DM'd that member. Everyone here who's ever used Epik really needs to take this seriously.

Addition: NamePros members could request [Epik] to mark their account for special NamePros pricing, so I guess there is an administration of this as well, which matches the Epik account with the nP account / forum name.
 
As Epik had a massive breach and if they know the hackers involved, it would make sense for them to file a criminal and/or civil complaint against the hackers instead of engaging with them in public, as the hack was indeed extremely illegal.

There seems to be a common popular misconception that private individuals or entities can "file a criminal" complaint as some sort of an alternative or adjunct to filing a civil complaint.

To be clear, private individuals can report crimes to law enforcement authorities, but in the United States one cannot directly prosecute a criminal case. (There is a rare form of "private criminal law enforcement" called a qui tam action, but it is not worth going into as it is not relevant to these circumstances.)

Additionally, it would be way too early at this point for law enforcement authorities to have conducted a complete investigation and determined whether there are persons within their jurisdiction to prosecute, or whether the circumstances bear further and deeper investigation.

In either context, engaging with the hackers in public may indeed be something that is useful to do - particularly in the context of seeking admissions that would be useful in a civil case, but sometimes at the request of law enforcement to further their investigation.

Filing an action and enforcing one may, of course, be two different things. Tanya Gersh, for example, was awarded $14M for the abuse inflicted on her by Andrew Anglin, who became hard to find and would certainly have taken advantage of competent legal counsel to advise him on the various risks and potential practical consequences of various courses of action that Anglin might take.

But, in any event, as a private company, one does not independently pursue criminal investigation and prosecution, and there can be practical reasons for not spending money to obtain judgments against the judgment-proof. Conversely, there can be benefits to extracting useful public admissions.
 
Just here to say that it's gnarly to see my book quoted. A friend just told me about it :)

I can speak on this subject - Rob Monster was asked if he had a Bug Bounty program, to which he declined to respond. I looked at all of the common places for a BBP to be hosted by Epik, but found no results. Additionally, I did not see results for a Vulnerability Disclosure Program either.

intext:"bug bounty" epik(.)com
intext:"vulnerability disclosure program" epik(.)com
intext:"vdp" epik(.)com
epik(.)com/security(.)txt (404 not found)
intext:"report a vulnerability" epik(.)com

Not exactly sure where he's running a bug bounty program and based on past interactions with him, including asking about SDLC processes and receiving the response of "I don't know what that is", I have little faith in his ability to run a program in a responsible manner.

My presumption would be that he would operate a private program (which is good) however, he would probably self-host it. Considering he doesn't know the first thing about what constitutes a data breach, I won't hesitate to say that his BBP [if he has indeed started one] will be miserable for hackers. If he can't understand basic PCI-DSS and GDPR regulations, how could one expect him to understand complex vulnerabilities?

Not maintaining a basic security point of contact is one of the easiest ways to end up with unpatched vulnerabilities sprayed all over the web. On the "contact" page - there's not even a basic POC listed for a security team - which is likely because they don't have one.
 
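The missing security.txt and the absent security point of contact in the post above are the kind of gap a vulnerability disclosure file (RFC 9116, served at /.well-known/security.txt) is meant to close; below is an added validator for that format, not code from Epik, the poster or NamePros. The example files, the example.com addresses and the fixed check time are constructed assumptions.

```python
from datetime import datetime, timezone

# RFC 9116 field cardinality: name -> (required, at most one occurrence)
FIELDS = {
    "contact": (True, False),
    "expires": (True, True),
    "preferred-languages": (False, True),
    "encryption": (False, False),
    "acknowledgments": (False, False),
    "canonical": (False, False),
    "policy": (False, False),
    "hiring": (False, False),
}
CONTACT_SCHEMES = ("mailto:", "https://", "tel:")

# Fixed reference time so results are reproducible; production code would use now().
CHECK_TIME = datetime(2021, 9, 17, tzinfo=timezone.utc)


def parse_security_txt(text):
    """Return (field, value) pairs in file order; comment (#) and blank lines are skipped."""
    fields = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"line {lineno}: expected 'Field: value', got {raw!r}")
        fields.append((name.strip().lower(), value.strip()))
    return fields


def validate_security_txt(text, now=None):
    """Return a list of problems; an empty list means the file is usable by a reporter."""
    now = now or datetime.now(timezone.utc)
    try:
        fields = parse_security_txt(text)
    except ValueError as err:
        return [str(err)]
    problems, counts = [], {}
    for name, value in fields:
        counts[name] = counts.get(name, 0) + 1
        if name == "contact" and not value.startswith(CONTACT_SCHEMES):
            # A bare e-mail address is the most common mistake; the spec wants a URI.
            problems.append(f"Contact must be a mailto:, https:// or tel: URI, got {value!r}")
        elif name == "expires":
            try:
                exp = datetime.fromisoformat(value.replace("Z", "+00:00"))
            except ValueError:
                problems.append(f"Expires is not an RFC 3339 timestamp: {value!r}")
                continue
            if exp.tzinfo is None:
                problems.append("Expires lacks a timezone offset")
            elif exp <= now:
                # Stale files are treated as absent by reporters and scanners.
                problems.append(f"Expires is in the past: {value!r}")
    for name, (required, at_most_one) in FIELDS.items():
        n = counts.get(name, 0)
        if required and n == 0:
            problems.append(f"missing required field {name.title()}")
        if at_most_one and n > 1:
            problems.append(f"{name.title()} must appear at most once (found {n})")
    return problems


# Constructed examples (not any real organisation's file).
GOOD_EXAMPLE = """\
# Served at https://example.com/.well-known/security.txt
Contact: mailto:security@example.com
Contact: https://example.com/report-a-vulnerability
Expires: 2022-09-17T00:00:00Z
Preferred-Languages: en
Policy: https://example.com/vulnerability-disclosure-policy
"""

# Typical defects: bare e-mail address instead of a URI, and an already-expired file.
BAD_EXAMPLE = """\
Contact: security@example.com
Expires: 2021-01-01T00:00:00Z
"""

if __name__ == "__main__":
    for label, text in (("good", GOOD_EXAMPLE), ("bad", BAD_EXAMPLE), ("empty", "")):
        print(label, validate_security_txt(text, CHECK_TIME) or "OK")
```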
Interesting. I'm going to go and look into the Kirtaner info. We are continuing to update our article that kind of documents the whole sequence of events so as more info is revealed we will continue to update.

Yeah, maybe his "investors" pulled out of the deal after hackers and all of us revealed that epik was all smoke and mirrors and Rob is not an honest person. I just did a search for his name on twitter and tons of people complaining about epik service and payouts. I bet that new CEO is like, what did I do...lol.

https://providencepost.com/a-monster-of-epik-proportions/

@MasterOfMyDomains Looks like Kirtaner was indeed raided for computer hacking but not sure for what specifically. Time frame is from Jan 2021 till present.


Also, seems like Congress wants to talk to him and see who else was involved in hacks. Would not surprise me at all if Monster is mixed up in this stuff. https://www.dailydot.com/debug/house-republicans-doj-letter-anonymous-hacks-givesend-go/
 
Then https://www.cscdbs.com/en/domain-management/

We are talking about the ROOTS/REASONS.
Not about the results and methods (HACKED).

Given a large enough attack surface and a sufficient supply of nefarious individuals, someone somewhere will eventually find a reason to hack anything. Let the courts get to the bottom of that; there's no point in speculating.

Otherwise, this is just going to turn into an unproductive flame war with one side claiming Epik had it coming and the other claiming it's a false flag operation, with both sides offering no evidence beyond a hunch.

There appears to be a lot of data here, and it's going to take researchers quite a while to get through it all, myself included. All that's known thus far is that you should change your passwords. I know everyone is eager to point fingers, but we just don't have the information we need to come to educated conclusions yet.

You're right, but nothing is more disappointing and annoying than their silence. This is where you alert your users and ensure they take measures to avoid further damage like losing their domains (I'm pretty sure not everyone using Epik knows about this yet).

Perhaps, but right now they're probably stuck trying to lock everything down and figure out what happened. Most sites can be taken offline during incident response; registrars don't really have that luxury. I'm sure there are plenty of frustrated people running on nothing but caffeine and anxiety right now.

Let's all learn from this: plan for breaches now; don't improvise as you go. Every website gets hacked. If you run a website and haven't already planned for that inevitability, now is the time to start so you're not fumbling in-the-moment.
 
So what you are saying they are not hacktivists but use hacktivism as an excuse or justification to have some fun?

Assuming they are who they say they are, that tends to be the case. That being said, now that I've had a chance to review more of the data, I noticed that some of it--particularly, data that might have resale value on the black market--appears to have been redacted. Notably, many of the passwords appear to have been replaced with placeholders that don't appear long enough to be hashes. I'm not certain this was the hacker's doing, but it's a sign they might have kept some of the data for themselves. If that's the case, I would assume that money is also a motive, if not the primary motive.

This is an entirely preliminary assessment, though, and I haven't gone through enough of the data to draw any definitive conclusions. ~150 GB is an awful lot of data. I suspect other security professionals will finish before I do.

Yes, there is still sensitive information in the breach, including PII. Yes, you should still change your passwords. Although there are signs some data may have been withheld from the public dump, it may still be distributed privately and used for nefarious purposes.
 
This thread is now 18 pages long. People are looking for answers, not the same bickering they have come to expect from every Epik thread on NamePros. Let’s try to keep the density of actionable, novel information high.
 