NameSilo

Epik Had A Major Breach

Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021

Replies:
3,633
Views:
194,379

  1. oldtimer

    oldtimer Do some good for humanity and the environment VIP ★★★★★★★★★★

    Posts:
    3,829
    Likes Received:
    5,672
    They were arbitrarily kicked out by the Registrar not as a result of a judgment by a Panel of Judges.

    IMO
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,378
    The private company is the judge of who they want to do business with. That is how the free market works.

    Brad
     
  3. NameFu

    NameFu Professional Design Services VIP

    Posts:
    1,537
    Likes Received:
    1,397
  4. cbd

    cbd Top Contributor VIP Gold Account

    Posts:
    2,374
    Likes Received:
    1,309
    Fellas, maybe going in circles forever would be better in a different thread 😜

    I'm sure there are still a lot of people just learning about the Original Topic, and it's already gonna be a nightmare digging through so many pages for relevant info. Most simply won't do it.

    I think at a certain point it would be far more useful to have a succinct thread of facts without all the discussion.

    Right now people mostly just need pertinent advice about what they need to do to secure their account, what passwords need changed, what financial details may be floating around out there now, etc.

    There's already several long threads about the pros/cons/discussion of Epik & R.M.
     
    Last edited: Sep 23, 2021
  5. NameFu

    NameFu Professional Design Services VIP

    Posts:
    1,537
    Likes Received:
    1,397
    I wasn't aware of Epik hosting all these disgusting sites. Has Rob Monster ever given a public opinion on why he is OK with hosting this stuff?

    I would assume he has the argument of freedom of speech, but you have to draw the line somewhere and I can't help but to wonder how you can go to sleep at night knowing that you are hosting sites for groups that advocate and promote terrorism.

    I don't like to judge until I hear a person defend himself...until I hear them speak for them self before I decide what to think about a controversy, but so far all of this comes as an extreme shock! 🤯 Like WTF!?
     
    Last edited: Sep 23, 2021
  6. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,378
    They are pretty well known for the extreme content that they allow, and sometimes court.
    Wikipedia highlights that fact.

    https://en.wikipedia.org/wiki/Epik_(company)

    In fact, that Wikipedia entry lead to a Wiki editor named Molly White being targeted and harassed, bullied, doxxed, and threatened.

    More info -

    https://www.namepros.com/threads/epik-wikipedia-battle-is-full-on-right-now.1186029/
    https://www.namepros.com/threads/please-sign-this-petition-to-help-mr-rob-monster.1186329/

    You can read Molly White's response here -
    https://blog.mollywhite.net/response-to-the-changeorg-petition-about-me/

    Some other threads worth a read -

    https://www.namepros.com/threads/whats-going-on-with-epik-and-rob-monster.1128748/
    https://www.namepros.com/threads/an-epik-statement-on-racism-and-injustice.1194949/

    In those threads you can read Rob Monster's own words and see how you feel.

    Brad
     
    Last edited: Sep 23, 2021
  7. oldtimer

    oldtimer Do some good for humanity and the environment VIP ★★★★★★★★★★

    Posts:
    3,829
    Likes Received:
    5,672
    My last post on the subject:

    I am not saying that certain websites shouldn't be taken down, all I am saying is that if a website is going to be taken down it has to be as a result of a judgment by a panel of judges and not based on the interests, agendas, and Ideologies of the Registrars, Registries, or Hosting Companies.

    Their TOS should only be applied to clear cut cases that are in violation of the law, everything else has to be decided by a panel of judges. (end of story)

    IMO
     
  8. Windoms

    Windoms Top Contributor VIP

    Posts:
    1,086
    Likes Received:
    1,900
    Just look at facts.

    A company has been boasting about its security and privacy.
    Yet this was hiding under the rug.

    On a sidenote, attracting extremists on a single platform while promoting security is the dumbest thing ever because you will inevitably become the target of hackers and governement organizations of all sorts (even foreign China Russia) for the sole reason of hosting such people.

    Like hey Im Mr China/Russia I want to contact and fund the owners of everyonewhocoulddestroyamericansociety.com, lets hack epik.
    Or a Chinese dissident chooses epik for its Chinese politics forum because it seems like a secure registrar.

    Bound to happen, when you label a company as THE place for deviants, extremists, and dissidents.
    And now everyone knows about it.
     
  9. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,378
    I am not a conspiracy theorist... but get a bunch of extremists using one company, then one of the most complete data breaches in history happens. Names, addresses, passwords, credit cards, VPN records, and much more.

    This a real honeypot for law enforcement.

    Brad
     
    Last edited: Sep 23, 2021
  10. NameFu

    NameFu Professional Design Services VIP

    Posts:
    1,537
    Likes Received:
    1,397
    Last edited: Sep 23, 2021
  11. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,532
    Likes Received:
    8,464
    As a security professional, I would like to point out that the term "honeypot" in security refers to setting up a shadow system with fake data, which is intended to attract hackers and learn from new attack techniques. In Epik's case, unfortunately, it was about real data.
     
  12. Frans Citroën

    Frans Citroën Top Member PRO VIP

    Posts:
    1,664
    Likes Received:
    2,228
    I don't think Brad meant it literally, but the point is clear. The real data in this case is what is most valuable to law enforcement, journalists etc. exposing extremists and not the attack techniques of potential hackers in the conventional honeypot terminology. PS there are different types of honeypots, but that is another topic. But in this case It's like Epik attracted all these "bad" actors, the ultimate honeypot attracting flies in a creative way of speaking. Flies can be hackers or nazis or jan 6th law breakers, extremists etc. etc.
     
  13. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,532
    Likes Received:
    8,464
    You're right. It was more of an addition, to indicate how the term is used in security. In common language it certainly has other meanings as well.
     
  14. NameFu

    NameFu Professional Design Services VIP

    Posts:
    1,537
    Likes Received:
    1,397
    Apologies if this has been posted already, but see hashtag #epikfail on Twitter.
     
  15. Lox

    Lox _____ VIP

    Posts:
    3,834
    Likes Received:
    7,035
    fired
    link

     
    Last edited: Sep 23, 2021
  16. ABcZXy

    ABcZXy New Member

    Posts:
    1
    Likes Received:
    3
    Hii,
    I am new to this whole domain thing; buying, selling domains to make profit. And also, new to NamePros, I should have gone to introduce myself in the forum section, but I guess I will do it later.

    I bought a few of them on Epik through Anonymize privacy add-on. They were mostly for long term holding for my future projects.

    I can't remember exactly, but I had visited the site in 2020 to learn how domaining works. But registered with Epik I think in May 2021 and bought the one I wanted in May-June 2021. I checked myself on haveibeenpawned website with my email address and it seems I am not afffected.

    So, the people who have the data in front of their eyes for whatever reasons, can tell me (or others) with certainty that the data is definitely before Feb2021.

    Thank You.
     
    Last edited: Sep 23, 2021
  17. FiniteCrystal

    FiniteCrystal Established Member

    Posts:
    89
    Likes Received:
    391
    Summarizing the results of my investigation for others with similar questions.

    I don't know when the hack occurred or what exactly the hacker had access to, I am almost certain that the database dump was made on February 28, 2021 or March 1, 2021.
     
  18. MasterOfMyDomains

    MasterOfMyDomains Top Contributor VIP ★★★★★★★★★★

    Posts:
    5,153
    Likes Received:
    5,843
    Lets all pray for this man. 🙏
    On a brighter note. I got namecheap vpn now. I go to daddy, we need to text u a code. I go to namecheap, we need to text you a code cowboy
    I go to epik, click login and wham bamn, thank you masm, i go right to control panel. Maybe you should make everyone login with credentials. Namesilo didnt even remember my username and password with vpn running. Sorry i didnt keep my wurd about posting in thread. At least i am on topic and not trying to hand out milk and cookies
     
  19. FiniteCrystal

    FiniteCrystal Established Member

    Posts:
    89
    Likes Received:
    391
    This is probably the result of FederatedIdentity being responsible for logging you into Epik with OAuth. If you got logged out of Epik's website but didn't need any password, Epik's website is working fine, but since your browser is already logged into FederatedIdentity (the same way you stay logged into Google) and you've already approved the OAuth application, you get logged in instantly. It's possible that Epik wasn't actually logging you out and perhaps you should be logged out of FederatedIdentity as well, but I don't think that's unusual.
     
  20. Beezy

    Beezy Top Contributor VIP

    Posts:
    6,384
    Likes Received:
    2,321
    Just a thought semi-related to the subject of this firing.

    A few years ago when you could get one word .co at godaddy closeouts, one that I thought about for a couple of minutes was j * 1 * h * @ * d . co

    It was a short word! I thought maybe I could make $20 flipping it here.

    Then I gave it some thought, and passed... because I would forever regret if I was screened at an airport because of a domain registration. Or worse.

    Or worse. You know?

    What you register is most likely attached to you, or will get unmasked.

    Anyway, a random recollection from years ago.
     
  21. timestamp

    timestamp Established Member

    Posts:
    368
    Likes Received:
    289
    Epik now needs to enable username change!
    Password - changed!
    Email - changed!
    Username - unable to change!
     
  22. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,378
    Interesting. You might end up seeing a lot more fallout like that.

    There are certainly going to be a lot of people who end up being connected to things they would rather not be connected to.

    Agent swept up in hack canned from brokerage for Holocaust views

    Joshua Alayon allegedly tried to register a slew of domains such as holocaust-truth.com, theholocaustisfake.com, whitechristianrepublican.com and whitesencyclopedia.com

    https://www.inman.com/2021/09/22/agent-swept-up-in-hack-canned-from-brokerage-for-holocaust-views/
     
  23. FiniteCrystal

    FiniteCrystal Established Member

    Posts:
    89
    Likes Received:
    391
    The username is not particularly security sensitive. I don't think it's really used for much. That being said, Epik could probably allow it since they're using sequential numeric IDs for account associations. You don't necessarily have to change your email either, just make sure you change your password and you'll be fine.
     
  24. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,467
    Likes Received:
    4,426
    It is wise.

    Somewhat offtopic here, but once I knowingly dropped a good domain, which (learned this by checking g search results on my domain/term) happened to be similar to another domain (business name) where the owner was sued for something _extremely_ bad. I decided to eliminate even a remote possibility of being (incorrectly) associated with that guy who still owns a domain similar to mine. Naturally, another domainer grabbed the one I dropped and listed it for sale...

    As for epik leaked stuff, replacing the leaked account email in all _other_ places is what I'm doing now. Yeah, it is extra time and efforts - but we should now expect more spam, more hacking and social engineering attempts @ other registrars, potential association with "bad boys" should the epik db become _too_ public+searchable (like panama papers for example), etc etc, etc. So, dropping (at least) this email makes sense imo.
     
    Last edited: Sep 23, 2021
  25. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,467
    Likes Received:
    4,426
    + Account deletion function. Not all current customers will use Epik after the hack, so why do they need Epik account at all?
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
NameWorth
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...