NameSilo

Epik Had A Major Breach

Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021

Replies:
3,572
Views:
188,725

  1. Beezy

    Beezy Top Contributor VIP

    Posts:
    6,383
    Likes Received:
    2,319
    I'm sure researchers will assess the real vulnerabilities and hype in time.

    Regardless, you were apparently looking at the account's info in plain text.

    I had to turn on 2 factor auth several places this morning, as researchers in articles have used terms like "completely compromised".
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. Seyikp

    Seyikp Established Member

    Posts:
    145
    Likes Received:
    373
    What I am sure of, is that, Epik is coming out from this big and better.
    What the enemies meant for evil is turning into greatness for Rob and Epik in general.
    People can be so wicked. The business he has been building all through his life can't just go down the drain. God never forsake his own people. God said "When you walk through the fire, you will not be burned; the flames will not set you ablaze.
     
  3. Beezy

    Beezy Top Contributor VIP

    Posts:
    6,383
    Likes Received:
    2,319
    Last edited: Sep 20, 2021
  4. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,111
    Likes Received:
    11,014
    I'm waiting only for my next sale, or for enough budget in other words (to transfer out all my domains).
    Rob's and his bank's destiny don't matter for me.
     
    Last edited: Sep 20, 2021
  5. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,167
    Likes Received:
    27,329
    I agree. It is kind of hard to trust a company that was not aware of the hack to do their own audit on what actually happened. I doubt they even know themselves at this point.

    From what we know so far, there appears to have been security issues with how Epik stored and secured data. I am not an expert in the field, but listening to experts in the field it is clear the way Epik stored this data was unacceptable; using plain text, storing CC info, etc.

    It makes sense to bring in actual qualified experts from the outside to analyze it. Maybe the same experts that warned about this ahead of time?

    Brad
     
    Last edited: Sep 20, 2021
  6. Chris Hydrick

    Chris Hydrick Account Closed (Requested) VIP

    Posts:
    6,304
    Likes Received:
    9,805
    Hi Molly --- thanks for stopping by. Very happy to hear from you!

    Le Monde had cited an archived tweet from Braden. Archived, because that tweet was deleted by @Braden Pollock as that tweet thread was getting nasty. That tweet thread, and threats of leaking secrets is what prompted the below (still live) tweet by the DomainKing @Rick Schwartz



    Allegedly when @Rob Monster refused to adhere to @Braden Pollock request to fire @DanSanchez for Dan's dropped phone outburst in the zoom social, Braden drew the line, and released his now deleted resignation tweet.

    ...

    I can't find the footage of the dropped phone during the moment of silence, but below is the DNAcademy social recording from the following week, where epik senior VP of Qommuniations gives a statement on the incident, instead of going on his promised tirade of releasing alleged secret information on the domain industry and its participants.



    Shout out to minute mark: 103:40 to the end of video where Epik senior VP of Qommunications and strateQy (Robert Davis @Intelliname) had some pretty choice words to say about me yours truly.
     
    Last edited: Sep 20, 2021
  7. Jayboltz

    Jayboltz Established Member

    Posts:
    56
    Likes Received:
    48
    With the way you go about your tirades against Epik, one wouldn't believe you'd have anything to do with them let alone having multiple domains with them. I wish you quick sales so you can transfer your domains to a registrar you feel secured and more comfortable with.
     
  8. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,111
    Likes Received:
    11,014
    Everyone gets what he deserves.
    No less, no more.
     
    Last edited: Sep 20, 2021
  9. Molly White

    Molly White Established Member

    Posts:
    89
    Likes Received:
    535
    I saw the archived tweet ("Since @ robmonster and I don't share the same ideology it's time he and I part company. I don't agree with the direction of @ EpikDotCom so I've decided to resign my Board seat, effective immediately.") but nothing connecting the resignation to any Christchurch video showings, hence my confusion on if and how the two incidents were connected. Was it later in the now-deleted thread or was the thread about something else?

    Does Davis still work for Epik? He's been awfully quiet this past week, if so.
     
    Last edited: Sep 20, 2021
  10. Chris Hydrick

    Chris Hydrick Account Closed (Requested) VIP

    Posts:
    6,304
    Likes Received:
    9,805
    They are not connected. If they are, it's not a direct connection that aligns with the timeline of events.

    @Braden Pollock resignation tweet came very shortly after robs refussal to fire the employee who dropped his phone and shouted curse words during a moment of silent for George Floyd at I think the beginning of DomainName Social #13.

    After social #13, Braden released his resignation tweet.

    The tweet thread starts to get nasty, and is then deleted.

    Social #14 as pasted above occurs, and everybody apparently kissed and made up, and therefor no need for Braden to resign. I'm still not sure if Braden ever resigned or not... given the immediate after events of his deleted resignation tweet

    ...

    Braden didn't seem to have a problem with Christchurch. Or if he did, that doesn't appear to be the breaking point that spurred his resignation tweet. He continued on with epik throughout, until the dropped phone outburst in social #13. And now, again, I'm still unsure if he's with the company or not.

    ...

    Or so was/is my understanding. Anybody with direct or better knowledge of the situation, please correct me.
     
    Last edited: Sep 20, 2021
  11. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,167
    Likes Received:
    27,329
    The DOJ and FBI are going to have a field day with this treasure trove of leaked data.

    After the Capitol riot, ‘Stop the Steal’ organizer Ali Alexander was scrambling to hide his digital footprint

    https://www.dailydot.com/debug/ali-alexander-epik-hack-web-domains-capitol-riot/

    Querying the Anonymize email address in the breach uncovers every domain that it appears the far-right figure apparently attempted to hide. Had the hack of Epik not been so expansive, some of the domains may have been difficult if not impossible to link to Alexander based just on the Anonymize email address alone.

    Doesn't it kind of defeat the purpose of a VPN when all this data is archived and easily trackable back to a party?

    Brad
     
    Last edited: Sep 20, 2021
  12. Bravo Mod Team

    Bravo Mod Team Moderator, NamePros Moderator PRO VIP Gold Account

    Posts:
    1,729
    Likes Received:
    2,694
  13. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,167
    Likes Received:
    27,329
  14. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,111
    Likes Received:
    11,014

    No comments.
     
  15. pchip

    pchip Established Member ★★★★★★★★★★

    Posts:
    576
    Likes Received:
    369
    Seriously? Is that the real deal - lol!

     
  16. Lox

    Lox _____ VIP

    Posts:
    3,829
    Likes Received:
    7,030
    2 y ago Network Solutions had a data breach,... after a very heartbreaking PR domains gets stolen anyway. This time more than ever. How many NS based domains reported stolen in 2019-2021 + were not reported but suspicious whois / ns / mx behavior > indicates there's something going on under the surface. Let me guess ... nah that's not okay, but that s* happens anyway ...

    Regards
     
  17. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,447
    Likes Received:
    8,293
    I see some members mention that there has not been any domain theft. But I don't think domain theft has been the reason for this hack. According to the publications on Twitter, all kinds of personal data of Epik customers are now being published on a large scale.
     
    Last edited: Sep 20, 2021
  18. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,167
    Likes Received:
    27,329
    Yes, that is just a deflection from the real issue. It is basically a non-sequitur.

    The actual issue is the personal data, not domain theft. Domain theft would only make things that much worse.

    It's like Verizon leaking all your information then saying, but you still have your phone. It is kind of irrelevant to the underlying issue which is the massive data breach itself, and what appears to be straight up incompetence from the guardians of that data.

    Brad
     
    Last edited: Sep 20, 2021
  19. FernandoBMS

    FernandoBMS Established Member

    Posts:
    57
    Likes Received:
    215
    You were right. Le Monde issued a correction:

    Mise à jour le 20/09 : la version initiale de cet article attribuait à la projection des images de Christchurch la démission d’un membre du conseil d’administration d’Epik. Une démission a bien eu lieu, mais concernait le directeur des opérations de l’entreprise. L’article a été corrigé en ce sens.

    Update 9/20: The original version of this article attributed the screening of the Christchurch footage to the resignation of an Epik board member. A resignation did take place, but concerned the director of operations of the company. The article has been corrected accordingly.

    (I may or may not have tiped the author about this thread)
     
  20. kite26

    kite26 Fearless Bird VIP

    Posts:
    6,161
    Likes Received:
    5,877
    Update and Options for Affected Epik Users

    Hello,

    We previously notified that on September 15, Epik confirmed a data intrusion involving its customers’ personal information. Though our forensic investigation is still ongoing, we can now confirm additional details of this intrusion.

    What happened:
    While we continue to investigate, we believe that on or before September 13, 2021, unauthorized third parties accessed a backup copy of Epik’s domain-side service accounts through one or more non-public servers.

    What personal information may have been obtained:
    Name, address, email address, username, password, phone and VAT number (if given), transaction history, domain ownership, and for a small subset of users, credit card information.

    What we are doing:
    As previously stated, we have retained multiple cybersecurity partners to investigate the incident, secure our services, help affected users, and notify you, law enforcement, and other relevant authorities. We are continuing to communicate with relevant authorities and other stakeholders as well.

    At this time, we have secured access to our domain-side services and have applied additional security measures to help protect services and users going forward.

    In addition, we will offer free credit monitoring until September 15, 2023, for all affected Epik users; more details on this free service will be made available soon.

    Additional options for users:
    1. Change your Epik password and enable two-factor authentication by visiting: https://www.epik.com/support/knowle...ssword-epik-user-password-when-user-forgot-it

    2. Call Epik Toll-Free at 800-510-3282 for further information and assistance.

    3. The Federal Trade Commission (FTC) recommends that you place a free fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. This can be done by contacting any one of the three major credit bureaus:

    Equifax: equifax.com/personal/credit-report-services or 1-800-685-1111
    Experian: experian.com/help or 1-888-397-3742
    TransUnion: transunion.com/credit-help or 1-888-909-8872

    4. Request a free credit report from each credit bureau after placing a fraud alert on your file. Review these credit reports for any accounts and inquiries you do not recognize, as they may be signs of identity theft. If your personal information has been misused, visit the FTC’s site at IdentityTheft.gov to report the identity theft and obtain recovery steps. Even if you do not find any suspicious activity on your initial credit reports, the FTC recommends that you check your credit reports periodically so you can spot problems and address them quickly.

    5. You may also want to consider placing a free credit freeze on your file. A credit freeze prevents potential creditors from obtaining your credit report, making it less likely for an identity thief to open new accounts in your name. To place a freeze, contact each of the major credit bureaus using the links or phone numbers above. A freeze will remain in place until you ask the credit bureau to temporarily lift or remove it.

    6. Visit IdentityTheft.gov/databreach, for additional resources and help to protect yourself from identity theft or call 1-877-438-4338.

    7. Learn more about your rights under the Fair Credit Reporting Act here.

    8. Contact your local Attorney General or local law enforcement to report suspected identity theft by filing or obtaining a police report.

    Thank you for your continued support. We will continue to keep you updated.
     
  21. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,167
    Likes Received:
    27,329
    It probably would have been easier to just list what data was not obtained. It would be a shorter list.

    Brad
     
    Last edited: Sep 20, 2021
  22. Corey

    Corey GDBR. com VIP ★★★★★★★★★★

    Posts:
    15,038
    Likes Received:
    18,661
    not sure why non customers are so concerned about the Registrar, owner & customers.

    Cheers
    Corey
     
  23. kite26

    kite26 Fearless Bird VIP

    Posts:
    6,161
    Likes Received:
    5,877
    Not? All
     
  24. NameWell

    NameWell Established Member

    Posts:
    474
    Likes Received:
    1,211

    3. The Federal Trade Commission (FTC) recommends that you place a free fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. This can be done by contacting any one of the three major credit bureaus:

    Equifax: equifax.com/personal/credit-report-services or 1-800-685-1111
    Experian: experian.com/help or 1-888-397-3742
    TransUnion: transunion.com/credit-help or 1-888-909-8872


    Could someone please explain how this works? Is this worldwide? Is this for residents of any country? If you cancel your credit card do you still have to contact those credit bureaus and place a fraud alert?
     
  25. frank-germany

    frank-germany domainer since 2001 / musician VIP

    Posts:
    9,122
    Likes Received:
    13,720
    yes I agree,
    you better stay with epik
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
NameWorth
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...