NameSilo

Epik Had A Major Breach

Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021

Replies:
3,300
Views:
176,484

  1. barybadrinath

    barybadrinath Restricted (15-30%)

    Posts:
    828
    Likes Received:
    1,314
    Some days ago received an email from Have i been pawned regarding data breach.
    Just now got an email from spycloud regarding data breach.
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. barybadrinath

    barybadrinath Restricted (15-30%)

    Posts:
    828
    Likes Received:
    1,314
    It also seems Breached data is being sold on dark web. Private Source is generally a criminal trying to sell the hacked data.

    upload_2021-9-24_0-51-23.png
     

    Attached Files:

  3. timestamp

    timestamp Established Member

    Posts:
    365
    Likes Received:
    285
    Username or email are used for login. That's half information. Other half is password.

    Account deletion is needed everywhere. Not just at epik.
     
    Last edited: Sep 23, 2021
  4. FiniteCrystal

    FiniteCrystal Established Member

    Posts:
    89
    Likes Received:
    391
    A username or email is just used to identify which user is trying to log in, remember that people sometimes share their email addresses so they can use email for communicating with people. The password is the secret. Two secrets isn't really any more secure than one secret, which is why 2 factor authentication systems use something you have or something you are instead of 2 things you know.
     
  5. Bravo Mod Team

    Bravo Mod Team Moderator, NamePros Moderator PRO VIP Gold Account

    Posts:
    1,717
    Likes Received:
    2,675
    Threads like this tend to cause a lot of tension within the community. It’s wise to take a break when you feel it’ll be helpful; he’s always been good at doing that. We hope to see him return again when he’s ready.

    While he was heavily contributing to this thread, please create a new thread to discuss topics that are not directly related to the topic of this thread.
     
  6. ReallyBigIdea.com

    ReallyBigIdea.com Restricted (15-30%)

    Posts:
    1,162
    Likes Received:
    1,028
    56 pages... gosh

    I don't remember how many domains I owned with Epik before breach.
    Password updated what next?
     
  7. .X.

    .X. In God I Trust VIP ★★★★★★★★★★

    Posts:
    17,111
    Likes Received:
    21,599
    I feel sure this is being dealt with right now it takes a little time to round up discovery to start preceding… I left my CC wide open just for this very reason ..
     
    Last edited: Sep 23, 2021
  8. barybadrinath

    barybadrinath Restricted (15-30%)

    Posts:
    828
    Likes Received:
    1,314
    Do u think there can be any registrar behind all this hacking.
     
  9. Lox

    Lox _____ VIP

    Posts:
    3,825
    Likes Received:
    7,016
    Let me repeat;

    For Domain Investors!
    If pwned, change your email address > @ every registrar.
    Such high levels of "caffeine" can cause serious problems. That's all I can say.

    dyodd

    Regards
     
  10. NicTraders

    NicTraders Top Contributor VIP Gold Account

    Posts:
    3,164
    Likes Received:
    1,481
    So, what exactly is your reasoning for this?... Just because of the probable impending influx of spam, or do you believe this to be a significant security risk? I'd like to hear your explanation for why it's so important. Thanks.
     
  11. FiniteCrystal

    FiniteCrystal Established Member

    Posts:
    89
    Likes Received:
    391
    Quit ignoring the people asking you what your reasoning for this is. What possible reason could someone need to change their email address on all their registrar accounts? If they change all their passwords to a random string and use a password manager, anyone trying to use their email to get into their account will not be able to get in unless they've breached the password manager. It's really quite simple. Enable 2 factor authentication and they'd also have to steal your phone.
     
    Last edited: Sep 23, 2021
  12. NicTraders

    NicTraders Top Contributor VIP Gold Account

    Posts:
    3,164
    Likes Received:
    1,481
    Yep. I can only imagine s/he thinks that with the email, Registrars are open to a social engineering attack which might give the attacker access to my your account, but I really can't see many attackers taking the time for this when there is so much other low-hanging fruit in the breached data. It would be more time-consuming and a lot less rewarding than seeing what you get out of a brute force attack. I personally think a decent pw and 2FA is adequate, but am happy to be corrected...
     
  13. Lox

    Lox _____ VIP

    Posts:
    3,825
    Likes Received:
    7,016
    1 of 38 #ks examples (Registrar Paper form - that's difficult, but not necessarily impossible. e.g. Radiation #acks can be used to scan 2FA via hug, SMS (engineering), secret questions etc). All begin with a phishing email. No more comments. Do whatever you like.

    Think different.

    chgt-email.jpg

    Regards
     
    Last edited: Sep 24, 2021
  14. FiniteCrystal

    FiniteCrystal Established Member

    Posts:
    89
    Likes Received:
    391
    Oh, I'm sorry, I assumed I was talking to people smart enough to avoid clicking on the links in a phishing email.
     
  15. Lox

    Lox _____ VIP

    Posts:
    3,825
    Likes Received:
    7,016
    Example
     
  16. .X.

    .X. In God I Trust VIP ★★★★★★★★★★

    Posts:
    17,111
    Likes Received:
    21,599
    I don't ..not at all ... i did at first .
     
  17. Jv1999

    Jv1999 Wander Aimlessly: Redeemed Knight of the Exo-Tower VIP

    Posts:
    3,093
    Likes Received:
    3,168
    Did everyone's pw get leaked or just some? Was it really in plaintext? Rob didn't really say anythingin the email. He seemed like he was trying to go with "pw not leaked" but change it just in case. No mandatory change required by him.
     
  18. DN Playbook

    DN Playbook Established Member

    Posts:
    545
    Likes Received:
    886
    Have there been any comments from Rob or official statements from Epik?
     
  19. NicTraders

    NicTraders Top Contributor VIP Gold Account

    Posts:
    3,164
    Likes Received:
    1,481
    Thanks for the comment. I appreciate that.
    Personally I am OK with that risk:
    • It's not low-hanging fruit. Far from it.
    • I have no evidence that the attackers have my ID to social engineer something like this.
    • They'd have to get up very early in the morning to get a phishing arrack past me
    • I should receive notification of any such change if it were requested.
     
  20. NicTraders

    NicTraders Top Contributor VIP Gold Account

    Posts:
    3,164
    Likes Received:
    1,481
    That is my understanding, though it's not necessarily 100% possible to know fully as some of the data has been messed with by the attackers (possibly to keep some for themselves).
    Some were in plain text and some were hashed.
    Refer here and here for more details.
     
  21. Frans Citroën

    Frans Citroën aka URLU PRO VIP

    Posts:
    1,650
    Likes Received:
    2,186
    epikfail-tweet.png

    Source: Twitter

    ##############

    The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

    The PCI Data Security Standard specifies twelve requirements for compliance, organized into six logically related groups called "control objectives". The six groups are:
    1. Build and Maintain a Secure Network and Systems
    2. Protect Cardholder Data
    3. Maintain a Vulnerability Management Program
    4. Implement Strong Access Control Measures
    5. Regularly Monitor and Test Networks
    6. Maintain an Information Security Policy
     
    Last edited: Sep 24, 2021
  22. timestamp

    timestamp Established Member

    Posts:
    365
    Likes Received:
    285
    Last edited: Sep 24, 2021
  23. FiniteCrystal

    FiniteCrystal Established Member

    Posts:
    89
    Likes Received:
    391
    No, in this case the hacker was an activist attempting to expose Epik's wealth of unsavory customers.
     
  24. barybadrinath

    barybadrinath Restricted (15-30%)

    Posts:
    828
    Likes Received:
    1,314
    The thing is all of this will have an effect on those people who are not that much technically sound.
    Passwords can be changed , but my only concern is the exposure of credit card details and physical addresses.
     
  25. Haris

    Haris Best Domainer Of The End-Times VIP

    Posts:
    6,446
    Likes Received:
    8,152
    Passwords can be changed easily. The bigger problem is that the Credit Card info was in plaintext. Now hackers can purchase stuff online with our money unless we cancel our card/s
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
biix
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...