NameSilo

Epik Had A Major Breach

Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021 at 6:17 PM

Replies:
885
Views:
45,628

  1. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,355
    Likes Received:
    4,071
    Resetting 2fa may also be a good idea. What if the server side of this authentication system was also compromised (if everything was in plain text, how can we be sure?). Of course, doing this makes sense only on a clean system (the hackers may still have an access, why not?)
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. eternaldomains

    eternaldomains Established Member

    Posts:
    455
    Likes Received:
    268
    Thanks, I was looking at the wrong place (at FederatedIdentity).

    But that's why I said country based, the current whitelisting feature says I need to input my own addresses, and as someone with dynamic IP, I don't even know where to start. If I put in my current IP address, the next time I go online I'll be forever locked from accessing Epik. Not good. That one is only good for static IP addresses.
     
  3. equity78

    equity78 Top Member TheDomains Staff TLDInvestors.com PRO VIP ★★★★★★★★★★

    Posts:
    16,489
    Likes Received:
    24,479
    Right, I use a static address so I see what you mean.
     
  4. equity78

    equity78 Top Member TheDomains Staff TLDInvestors.com PRO VIP ★★★★★★★★★★

    Posts:
    16,489
    Likes Received:
    24,479
    If everything was in plain text that's a fucking disgrace.
     
  5. frostify

    frostify Top Contributor VIP

    Posts:
    1,813
    Likes Received:
    952
    I’d also suggest that everyone setup 2-factor authentication with any email addresses associated to accounts you may have at Epik. Most such as Gmail, Yahoo, ProtonMail, etc. allow you to setup 2FA. Make sure you’re not reusing the password from your Epik account on any other websites or services.
    -

    “If everything was in plain text that's a f*cking disgrace”

    If all the facts come out and this does turn out to be the case then I 100% agree with that statement. I really hope this isn’t true but it’s still crickets from Epik.
     
    Last edited: Sep 15, 2021 at 8:31 AM
  6. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,816
    Likes Received:
    10,614
    You need to know all your IP ranges - in case of your country.

    I like: how it works with another company - only certain IPs are allowed.
    When access from another IPs - their system sends email to confirm it.
     
    Last edited: Sep 15, 2021 at 8:29 AM
  7. equity78

    equity78 Top Member TheDomains Staff TLDInvestors.com PRO VIP ★★★★★★★★★★

    Posts:
    16,489
    Likes Received:
    24,479
    I was just on customer service asking about the whitelisting again and of course the gentleman is not management but he said

    Thank you for reaching out. We are not aware of any breach. We take the security of our clients' data extremely seriously, and we are investigating the allegation.
     
  8. karmaco

    karmaco Top Contributor VIP

    Posts:
    3,145
    Likes Received:
    8,715
    Anyone who didn’t have 2 factor on allready is not security minded. I really want to know why Epik is remaining silent. An email should go out to all customers on the facts and current risk level.
     
  9. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,816
    Likes Received:
    10,614
    You may ask Afternic...
    Whole countries (mine is among them) are banned on their firewall for many years, so they have this IP data.
     
  10. eternaldomains

    eternaldomains Established Member

    Posts:
    455
    Likes Received:
    268
    Exactly. 2FA is just a dangerous PITA. Lose your phone, lose your life. Phone becomes incompatible, life becomes incompatible. Bad forced update on phone, bad forced update on life. Conman-hacker tricks telco company to get phone number and takes everything from you. 2FA is over-marketed. Best is to make up your own security tricks and be silent about it. The more popular a security method becomes the more hackers will target that method.
     
  11. eternaldomains

    eternaldomains Established Member

    Posts:
    455
    Likes Received:
    268
    I doubt Afternic will tell me that..... I'm not banned either
     
    Last edited: Sep 15, 2021 at 8:33 AM
  12. Finest

    Finest Top Contributor VIP

    Posts:
    2,499
    Likes Received:
    1,969
    If that turns out to be true, I'll never use Epik again.
     
  13. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,816
    Likes Received:
    10,614
    Use 2FA via SMS, it works there.
     
  14. frostify

    frostify Top Contributor VIP

    Posts:
    1,813
    Likes Received:
    952
    “If that turns out to be true, I'll never use Epik again.”

    My concern as a reseller is that no buyer will ever trust Epik landing pages or the Epik marketplace for conducting business or purchasing my domains if all of this is really true (which as of now is still speculation).

    I’m still reserving judgement until we get an official statement from Epik.
     
    Last edited: Sep 15, 2021 at 8:39 AM
  15. April004

    April004 Established Member

    Posts:
    129
    Likes Received:
    168
    oh sh*t!
    According to Anonymous press release it quite a major chunk of data appears to be leaked.
    Epik's leaked info includes:
    • All domain purchases
    • All domain transfers in/out
    • All whois history, unredacted
    • All DNS changes
    • All email forwards, catch-alls, etc
    • Payment history (no credit card data, don't get excited, FBI, we're not in that game)
    • Account credentials for:
      all Epik customers, hosting, Anonymize VPN, and so on
      Epik internal systems, servers
      Epik's GoDaddy logins
    I hope it to be false.

    I've had single domain with Epik in the past and had paid by paypal then. Later moved on elswhere.
    But still have account with them.

    Just changing my login email and password to be on safer-side.

    But users having active domain, email, hosting should also change all their passwords of all accounts, control panels too, just to be safe.
     
  16. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    1,809
    Likes Received:
    6,657
    If there's a breach, you should be on high alert even when visiting the control panel. What code is executed? The breach may be a stepping stone to other companies and high profile clients. There are so many ways systems can be compromised. This is not about having a good password alone.
     
  17. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,816
    Likes Received:
    10,614
    [​IMG]

    This should be changed definitely.
    It sounds like a provocation, for hackers as well.
     
    Last edited: Sep 15, 2021 at 8:52 AM
  18. domaindevil

    domaindevil Established Member ★★★★★★★★★★

    Posts:
    34
    Likes Received:
    23
    The lack of communication from Epik's side is just mind boggling. I am movig out all my domains from Epik ASAP. Trust = lost.
     
  19. Samer

    Samer Top Contributor VIP

    Posts:
    11,192
    Likes Received:
    21,803
    They sound like terrorists, committing jihad.

    in the name of Anonymous. They probably picked “Anonymous” after they saw it was the group that hacked the Tx GOP site on.. 9/11/21
    Some cant help but take gratification; classless

     
    Last edited: Sep 15, 2021 at 9:07 AM
  20. TheBaldOne

    TheBaldOne Top Contributor VIP Gold Account ★★★★★★★★★★

    Posts:
    2,491
    Likes Received:
    1,582
    Calm down everybody.

    At the moment we have some idiot/s posting that they have hacked Epik - but absolutely no proof of such. It might well be that an attempt was made and might well be an ongoing attempt (happens all the time in the world we live in). However, has anyone actually seen ANY proof of a successful hacking? The most that anyone has actually reported witnessing is a slowing down of some services - often a typical sign of a DDOS attack as far as I understand it.

    The fact that so many members here have been able to change passwords, alter/cancel payment methods, and institute 2 factor security seems to indicate that things are working normally.

    At the moment the damage is being done to Epik not by a hack but by the propaganda that a supposed hack has occurred. People are running around imagining the worst, and of course this is not helped by the silence from Epik - but that silence might well be orchestrated at the advice and guidance from law enforcement or security teams. (So far it seems to me that this is a failed attempt at worse but the hacker/s now are trying to garner something from it.)

    As I said at the start of this post - 'Calm down everybody'.

    And yes I do have have domains at Epik, and until the story unfolds I see no reason presently at all to move them.
     
    Last edited: Sep 15, 2021 at 9:01 AM
  21. alcy

    alcy Top Contributor VIP

    Posts:
    19,887
    Likes Received:
    34,443
    does she agree?
     
  22. alcy

    alcy Top Contributor VIP

    Posts:
    19,887
    Likes Received:
    34,443
    rob was always great and helpful to me. so no bad personal experience here.

    but I've no names I want left there...cause of ui I dislike... lack pp doesnt help..and prices which are definitely not industry leading
     
  23. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    1,809
    Likes Received:
    6,657
    This is a strange conclusion...
     
  24. topdom

    topdom Top Contributor VIP

    Posts:
    1,651
    Likes Received:
    1,390
    You can chat with Epik, and get an unofficial response. (Don't overdo it, I mean throw a dice and if it is not 1 (or what you had in mind, 1/6 chance), don't do anything.)
     
    Last edited: Sep 15, 2021 at 9:08 AM
  25. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,816
    Likes Received:
    10,614
    @Rob Monster
    How are compatible this logo and integration of the idiotic Estibot (one more hole)?
     
    Last edited: Sep 15, 2021 at 9:07 AM

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
NameWorth
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...