Epik Had A Major Breach

The views expressed on this page by users and staff are their own, not those of NamePros.
Probably would have been better without the last paragraph - God, prayer, evil, enemies. That is not usually the type of wording you see about a hack.

All people care about is what happened.

At Epik, we take security and the privacy of your information very seriously. Therefore as a precautionary measure, I am writing to inform you of an alleged security incident involving Epik.

Our internal team, working with external experts, have been working diligently to address the situation. We are taking proactive steps to resolve the issue. We will update you on our progress. In the meantime please let us know if you detect any unusual account activity. I am proud of our team’s efforts as we do our part to empower a thriving internet for the benefit of our customers around the world.

You are in our prayers today. We are grateful for your support and prayer. When situations arise where individuals might not have honorable intentions, I pray for them. I believe that what the enemy intends for evil, God invariably transforms into good.

Blessings to you all.

Regards,

Rob Monster
Founder and CEO
Epik Holdings Inc
sucks.. still got a bunch of domains there.. been too busy to move them.. now i suffer like the other lazy people.. we're punished by Rob's god... you know gods never help the little people
 

1
•••
Historical Breakdown of these Hitler domains: rooting out any misinformation, as a reminder to fact check ✔


1. HitlerNews.com looks to be under Epik's brief control during the expiration period of BellNames,

[Image: upload_2021-9-21_22-27-51.png]



Based on previous amateur research in the Epik/BC30.com thread HERE <see quoted snippet below> Epik might have inherited the customers of BellNames registrar but not registrar IANA itself> in part of epik's 27,000 customer account acquisition of Intrust Domains.. which explains why/how HitlerNews.com briefly went under epik nameservers after expiration, and why it was still legacy included in the leaked DB with Rob Monster as the default placeholder.


Seeing how Epik is <IANA ID# 617>, not <IANA ID# 653>, does the non-compliance notice apply to epik, given epik had allegedly acquired Intrust's 27,000 customer accounts and registry business? And what happened to the customer accounts after the registry connection lease expired and when the registrars were sold to other entities?
History of IANA #653 <eg. Registrar: Intrust Domains, Inc>
August 2004: That Darn Name, Inc <[email protected]>
June 2009: That Darn Name, Inc <[email protected]>
June 2010 - October 2012: Intrust Domains, Inc** <[email protected]>
January 2013 - July 2014: YourJungle, Inc. <[email protected]>
March 2015 - June 2016: NamePal.com #8028 <[email protected]>
September 2016 - Current: NamePal.com #8028 <[email protected]>

Further, since the expiration of HitlerNews.com had briefly appeared as 2015, that was likely a temporary renewal credit during the courtesy renewal period, which epik was refunded when the registrant didn't renew the domain. Supplementing this is the below 2015 domain WHOIS registration of HitlerNews.com at Network Solutions.

[Image: upload_2021-9-21_22-38-28.png]


When HitlerNews.com hit epik nameservers in 2014, the whois was extended to July 2015. Since HitlerNews.com was later registered in November 2015, below is the nameserver history to corroborate the domain was dropped and not retained by rob / epik after their brief hold of the domain during the point between expired and deleted.

[Image: upload_2021-9-21_22-50-4.png]


Additionally since there is leftover voodoo.com name servers prior to the 2015 wix nameserver/ netsol registration/addition, namedog.com had cached HitlerNews.com as being included in the September 28th, 2014 available to the public dropped and newly available for anybody to register status.. https://data.namedog.com/Dropped/COM/2014/09-28-2014-COM.php

Sources:
Historical WHOIS powered by DomainIQ.com
Historical NameServer records powered by SecurityTrails.com
 
Last edited:
5
•••
Historical Breakdown of these Hitler domains: rooting out any misinformation, as a reminder to fact check ✔


2. HitlerDidNothingWrong.com expired on November 14th, 2014, at what looks to be a domain that might have been a part of the 27,000 intrust customer acquisition.

[Image: upload_2021-9-21_23-26-17.png]


...

Notice, the nameservers change to epik 3 days after expiration?

[Image: upload_2021-9-21_23-25-31.png]


....

On January 29th, 2015 it looks like now defunct dropcatching registrar pheenix had caught the domain on the day it went through full expiration, and was made available to the general public:

[Image: upload_2021-9-21_23-28-46.png]


....

So like domain #1, domain #2 looks to be a legacy carry over from possibly epik's intrust customer acquisition, of domains held under epik control / assumingly given the Rob Monster DB placeholder during the brief expiration period.

...

Not going to do the full list, but I just upped my DomainIQ.com membership so I can help out where needed, or if anybody wants to send over any fact checking requests.

*** I have no affiliations with DomainIQ.com, just a happy customer who would recommend other domainers/journalists/researchers to check out their services..
 
Last edited:
5
•••

I really get sick of some of this inflammatory reporting. They make it sound as if Epik’s sole purpose is to harbour far-right criminals, which really is so far from the truth. In fact he just doesn’t censor everything like the others do. I’m sure there are websites that are run by left-wingers too. And I don’t like it being implied that I am guilty by association just because Epik is my domain registrar of choice.

In any case it’s a bit sad that this thread seems to just go round and round in circles now as people try and dig up some bit of dirt on Rob or Epik’s practices. There is very little new news at all – just lots of re-posting from Twitter. And much of that is totally out of context or incorrect, as pointed out here:
Hey @#EpikFail Twitter --- please get your facts straight. Out of 180GB of data, with so much to offer, why keep reporting fake news?

All these alleged "Rob Monster" owned domains, is due to a questionable domain expiration process that entails epik temporarily taking over an epik.com expired domain, and offering it for sale.


Breaking News: The #EpikFail breach just hit CNN!!

Means nothing IMHO. This whole situation has created so much hype because people report people who reported someone who read something some other person read on Twitter.... Clear!?... It's self-sustaining. Sadly there is very little actual journalism these days in reporting such things. 90% (or more) of it is a rehash of a report they read somewhere else (or a syndication of same). It's a bit depressing really, if you care about hearing actual facts in your news.
 
Last edited:
8
•••
I'm new here too from the Epik Fail aftermath and just want to thank and congratulate the NamePros community for all the information and analysis shared in this thread.
 
10
•••
It's a bit depressing really, if you care about hearing actual facts in your news.


As seen earlier in the case of Le Monde's Epik Fail report, this community has the power to correct factual errors in the press about this topic, so if you've seen any factual errors in the Washington Post story just show me where the factual error is so I can make them issue a correction.

(PS: All this is done without harassing or doxxing any reporter)
 
7
•••
so if you've seen any factual errors in the Washington Post story
Domain registrar is a company providing domain registrations. Not a webhost. The ICANN-accredited registrar EPIK is no different from GoDaddy etc. in this aspect. A lot of Epik account holders never heard about proud boys and all this stuff. Most notably, non-U.S. based customers (there are a lot).
- May be a good start
 
Last edited:
2
•••
Might be a good idea to explain some of the terms that we take for granted (drop catching, PPC parking, registrars, web hosters, registrar bulk transfers (https://www.icann.org/resources/pages/bulk-transfers-2017-10-06-en), Domaining etc) for the people trying to research this on Twitter. It would certainly help remove some of the confusion about who is associated with what domains and why.

Regards...jmcc
 
11
•••
A lot of Epik account holders never heard about proud boys and all this stuff.

Well now everyone has heard of them and Epik's association.
 
2
•••
There are people caught up in this who have never used Epik - because Epik scraped their data from public Whois records, which in most cases probably said they did not allow scraping.

But for Epik users - of any number of different Epik services - there are two, or more, classes of concerns, which may or may not overlap. Some customers value one more than the other.

Quality of Service - let's call it QoS
Here data protection has been poor with resulting loss of privacy, need to change passwords, various risks. Some services at Epik appear innovative and attracted customers.

Associated Reputation Shadow/Halo Effect - call it ARSHE
Domains, maybe hosting, at Epik might be affected by Epik's reputation - a Swiss Bank of domains sounds secure. A service provider keeping controversial extremists online when mainstream providers won't could seem tainted, or heroic, depending on point of view. So being at Epik may cast a shadow over a customer and their holdings, or benefit them with a virtuous halo effect.

So how important is the ARSHE effect?

Amazon and Ebay get caught listing illegal or controversial items - they get removed, the platforms don't go out of business and customers don't flee. Banks get fines for money laundering yet stay in business. Shoppers don't desert a supermarket because a terrorist bought a loaf of bread there last week, unless there is a real threat of violence or disruption.

But if a bank has terrible security and looks like collapsing, customers leave. And if a restaurant or club is known to be a meeting place of dangerous extremists, most people do not want to be seen there because the ARSHE effect will tarnish their reputation and even hurt their business.
 
Last edited:
3
•••
Domain registrar is a company providing domain registrations. Not a webhost. The ICANN-accredited registrar EPIK is no different from GoDaddy etc. in this aspect. A lot of Epik account holders never heard about proud boys and all this stuff. Most notably, non-U.S. based customers (there are a lot).
- May be a good start

Tony, unfortunately you need to be more specific and show me exactly where the factual error is, the article already says that Epik is a domain registrar.

I'm talking about factual errors, I can't convince the reporter to put angles in the already-printed article that you'd like them to have covered, but you can always send letters to the editors.
 
0
•••
Fernando, 2 questions: 1. Who are you? An editor? A Washington Post reader? 2. Trust me, the article should be rewritten 100%. Which makes us return to question No. 1.
 
Last edited:
0
•••
Epik need a reason to hold the PII and they need the user consent under GDPR. Even just a personal name is PII. You can only hold data you need - what do Epik need all those WHOIS records for?

Someone else publishing the data does not give Epik the right to hold it. And usually WHOIS services say you may not scrape them, re-use data etc.
 
Last edited:
5
•••
Well now everyone has heard of them and Epik's association.

I'm not denying epik is a honeypot of the radical right, but let's be objectively fair and aware of scale..

Out of a pool of 100 State+ProudBoys.com / ProudBoys+State.com sample set::

Registered: 19
Unregistered: 81

Registrar Breakdown::

GoDaddy: 10

proudboyscalifornia.com -- GoDaddy for sale landing page
proudboysmichigan.com -- Default GoDaddy landing page
proudboystennessee.com -- Default GoDaddy landing page
proudboystexas.com -- developed -- labeled as Houston's Official Chapter
proudboyswisconsin.com -- Default GoDaddy landing page
floridaproudboys.com -- Default GoDaddy landing page
michiganproudboys.com -- Default GoDaddy landing page
newyorkproudboys.com -- Default GoDaddy landing page
ohioproudboys.com -- does not resolve
texasproudboys.com -- developed -- labeled as Houston's Official Chapter

NameCheap: 4

proudboyscolorado.com -- static page with a rocky mountain proud boys logo
proudboysutah.com -- developed -- uses https://no_url_shorteners/proudboysusa

illinoisproudboys.com -- default parked page
utahproudboys.com -- developed -- uses https://no_url_shorteners/proudboysusa

Google: 2

proudboysflorida.com -- does not resolve
proudboysnewyork.com -- does not resolve

eNom: 1

proudboysalabama.com -- empty word press template

DreamHost: 1

massachusettsproudboys.com -- parked with a default sleepy cat

Wix: 1

proudboysohio.com -- login / sign up page?

Epik: 0

..

I fully understand that this isn't a full reflection, and is only a small sample based on states/proudboys keywords, and by no means shows full scale. I just wanted to point out that some epik customers are just domain speculators. No political affiliation. And a lot out of the United States. So the connection can certainly be lost on some of epik's customer base, despite epik's best efforts to force feed their customers with their US political theories.

Nonetheless, at the start of the experiment I expected to find at least one proudboys+state domain registered at epik, but to my surprise they had 0. GoDaddy, by sheer domains under management, was no surprise in housing the most.

Disclaimer::: Ownership of one of these domains doesn't inherently correlate to a direct proud boy or a registrant who shares the same beliefs as proud boys. Before making false assumptions, please research the history of a domains use, such as current development status, or historical archived versions.
 
Last edited:
4
•••
I think domain investors knew what their money was supporting, and can't pretend they didn't.
 
0
•••
Nah bro, that tip is all yours.

Start posting with more sustenance. Your constant mudslinging is getting old and the bias has been showing for a while now. ⚖

Ok. Epik is MORE THAN A REGISTRAR..

Epik came on here, spammed cheap prices with an army of marketers to pump up their books so they could buy services to hide those people.

You have listed the services yourself.

No mud, these are facts you're aware of.
 
1
•••
I think domain investors knew what their money was supporting, and can't pretend they didn't.

Shitty russian code, and poor security measures? I can honestly say I did not expect that/this.
 
1
•••
Epik came on here, spammed cheap prices with an army of marketers to pump up their books so they could buy services to hide those people.

+420

#truth
 
Last edited:
0
•••
Shitty russian code, and poor security measures? I can honestly say I did not expect that/this.

No, the stuff from the Washington Post article which is being refuted above.
 
0
•••
I'm just saying if a domainer is like "first time i heard of this", bs...
 
0
•••
Fernando, 2 questions: 1. Who are you? An editor? A Washington Post reader? 2. Trust me, the article should be rewritten 100%. Which makes us return to question No. 1.

1. I'm the guy who made Le Monde issue a correction about Epik Fail using info shared in this thread and I can do the same with the Washington Post or any media outlet in the world if there's an actual factual error in their reporting. It's what I do.

2. No, I do not trust you, nothing personal, I'm just a skeptic.
 
8
•••
Epik came on here, spammed cheap prices with an army of marketers to pump up their books so they could buy services to hide those people.
The registrar business is a highly competitive one and registrars try all sorts of marketing to increase their registration volume. The reality is that many of these domain names do not renew on their first renewal so the registrars are locked into a kind of vicious cycle of trying to get more new registrations to replace the ones that are not renewed or transferred out. Some other registrars do their marketing with coupons and affiliate discounting.

Regards...jmcc
 
4
•••