alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[jmcc]

Might be a good idea to explain some of the terms that we take for granted (drop catching, PPC parking, registrars, web hosters, registrar bulk transfers (https://www.icann.org/resources/pages/bulk-transfers-2017-10-06-en), Domaining etc) for the people trying to research this on Twitter. It would certainly help remove some of the confusion about who is associated with what domains and why.

Regards...jmcc

 

[Beezy]

A lot of Epik account holders never heard about proud boys and all this stuff.

Well now everyone has heard of them and Epik's association.

 

[carob]

There are people caught up in this who have never used Epik - because Epik scraped their data from public Whois records, which in most cases probably said they did not allow scraping.

But for Epik users - of any number of different Epik services - there are two, or more, classes of concerns, which may or may not overlap. Some customers value one more than the other.

Quality of Service - let's call it QoS
Here data protection has been poor with resulting loss of privacy, need to change passwords, various risks. Some services at Epik appear innovative and attracted customers.

Associated Reputation Shadow/Halo Effect - call it ARSHE
Domains, maybe hosting, at Epik might be affected by Epik's reputation - a Swiss Bank of domains sounds secure. A service provider keeping controversial extremists online when mainstream providers won't could seem tainted, or heroic, depending on point of view. So being at Epik may cast a shadow over a customer and their holdings, or benefit them with a virtuous halo effect.

So how important is the ARSHE effect?

Amazon and Ebay get caught listing illegal or controversial items - they get removed, the platforms don't go out of business and customers don't flee. Banks get fines for money laundering yet stay in business. Shoppers don't desert a supermarket because a terrorist bought a loaf of bread there last week, unless there is a real threat of violence or disruption.

But if a bank has terrible security and looks like collapsing, customers leave. And if a restaurant or club is known to be a meeting place of dangerous extremists, most people do not want to be seen there because the ARSHE effect will tarnish their reputation and even hurt their business.

 

[FernandoBMS]

Domain registrar is a company providing domain registrations. Not a webhost. The ICANN-accredited registrar EPIK is no different from GoDaddy etc. in this aspect. A lot of Epik account holders never heard about proud boys and all this stuff. Most notably, non-U.S. based customers (there are a lot).
- May be a good start

Tony, unfortunately you need to be more specific and show me exactly where the factual error is, the article already says that Epik is a domain registrar.

I'm talking about factual errors, I can't convince the reporter to put angles in the already-printed article that you'd like them to have covered, but you can always send letters to the editors.

 

[tonyk2000]

Fernando, 2 questions: 1. Who are you? An editor? A Whashington Post reader? 2. Trust me, the article should be rewritten 100%. Which makes us returning to the question No 1.

 

[carob]

https://twitter.com/x/status/1440424845808832518

Epik need a reason to hold the PII and they need the user consent under GDPR. Even just a personal name is PII. You can only hold data you need - what do Epik need all those WHOIS records for?

Someone else publishing the data does not give Epik the right to hold it. And usually WHOIS services say you may not scrape them, re-use data etc.

 

[Grilled]

Well now everyone has heard of them and Epik's association.

I'm not denying epik is a honeypot of the radical right, but let's be objectively fair and aware of scale..

Out of a pool of 100 State+ProudBoys.com / ProudBoys+State.com sample set::

Registered: 19
Unregstered: 81

Registrar Breakdown::

GoDaddy: 10

proudboyscalifornia.com -- GoDaddy for sale landing page
proudboysmichigan.com -- Default GoDaddy landing page
proudboystennessee.com -- Default GoDaddy landing page
proudboystexas.com -- developed -- labeled as Houstons Official Chapter
proudboyswisconsin.com -- Default GoDaddy landing page
floridaproudboys.com -- Default GoDaddy landing page
michiganproudboys.com -- Default GoDaddy landing page
newyorkproudboys.com -- Default GoDaddy landing page
ohioproudboys.com -- does not resolve
texasproudboys.com developed -- labeled as Houstons Official Chapter

NameCheap: 4

proudboyscolorado.com -- static page with a rocky mountain proud boys logo
proudboysutah.com -- developed -- uses https://t.me/proudboysusa
illinoisproudboys.com -- default parked page
utahproudboys.com -- developed -- uses https://t.me/proudboysusa

Google: 2

proudboysflorida.com -- does not resolve
proudboysnewyork.com -- does not resolve

eNom: 1

proudboysalabama.com -- empty word press template

DreamHost: 1

massachusettsproudboys.com -- parked with a default sleepy cat

Wix: 1

proudboysohio.com -- login / sign up page?

Epik: 0

..

I fully understand that this isn't a full reflection, and is only a small sample based on states/proudboys keywords, and by no means shows full scale. I just wanted to point out that to some epik customers are just domain speculators. No political affiliation. And a lot out of the united states. So the connection can certainly be lost on some of epiks customer base, despite epiks best efforts to force feed their customers with their US political theories.

Nonetheless, at the start of the experiment I expected to find at least one proudboys+state domain registered at epik, but to my surprise they had 0. GoDadddy by sure domains under management was no surprise to housing the most.

Disclaimer::: Ownership of one of these domains doesn't inherently correlate to a direct proud boy or a registrant who shares the same beliefs as proud boys. Before making false assumptions, please research the history of a domains use, such as current development status, or historical archived versions.

 

[Beezy]

I think domain investors knew what their money was supporting, and can't pretend they didn't.

 

[Beezy]

Nah bro, that tip is all yours.

Start posting with more sustenance. Your constant mudslinging is getting old and the bias has been showing for a while now. ⚖

Ok. Epik is MORE THAN A REGISTRAR..

Epik came on here, spammed cheap prices with an army of marketers to pump up their books so they could buy services to hide those people.

You have listed the services yourself.

No mud, these are facts you're aware of.

 

[Grilled]

I think domain investors knew what their money was supporting, and can't pretend they didn't.

Shitty russian code, and poor security measues? I can honestly say I did not expect that/this.

 

[Grilled]

Epik came on here, spammed cheap prices with an army of marketers to pump up their books so they could buy services to hide those people.

+420

#truth

 

[Beezy]

Shitty russian code, and poor security measues? I can honestly say I did not expect that/this.

No, the stuff from the Washington Post article which is being refuted above.

 

[Beezy]

I'm just saying if a domainer is like "first time i heard of this", bs...

 

[FernandoBMS]

Fernando, 2 questions: 1. Who are you? An editor? A Whashington Post reader? 2. Trust me, the article should be rewritten 100%. Which makes us returning to the question No 1.

1. I'm the guy who made Le Monde issue a correction about Epik Fail using info shared in this thread and I can do the same with the Washington Post or any media outlet in the world if there's an actual factual error in their reporting. It's what I do.

2. No, I do not trust you, nothing personal, I'm just a skeptic.

 

[jmcc]

Epik came on here, spammed cheap prices with an army of marketers to pump up their books so they could buy services to hide those people.

The registrar business is a highly competitive one and registrars try all sorts of marketing to increase their registration volume. The reality is that many of these domain name do not renew on their first renewal so the registrars are locked into a kind of vicious cycle of trying to get more new registrations to replace the ones that are are not renewed or transferred out. Some other registrars do their marketing with coupons and affiliate discounting.

Regards...jmcc

 

[tonyk2000]

Mainstream media? Discussing technology issues is not an easy task. Do the authors have enough knowledge to understand all the terms (to begin with), and to make an outcome readable for general public? Not obvious. If they want to publish some sort of a digest from twitter + wikipedia, they did exactly this.

Now, if we are trying to correct wording in this or that article - one can just think about the following logical task:

Yes Or No?
@ Username, did you stop drinking whiskey every morning? Please just answer yes or no.

Which is why - being an IT professional, I'd appreciate better coverage of the topic in mainstream media (= articles rewritten from scratch), but I also undersand that the chances of this are close to zero.

 

[Beezy]

This article in question is about how the data is being used to connect these groups that were using epik, or epik services, or services epik specifically bought to support these groups.

I'm sure all of the blogs in this industry have written about these things, there are many posts on this forum about them, there are entire profiles devoted to defending the decisions to harbor these groups on this forum in fact (not to mention Chris Hydrick image posts connected it all).

So the surprise is a joke. That article looks legit.

Anyway, back to the hack...

 

[Grilled]

Which is why - being an IT professional, I'd appreciate better coverage of the topic in mainstream media

https://domainnamewire.com/2021/09/21/takeaways-from-the-epik-hack-call/
BY ANDREW ALLEMANN — SEPTEMBER 21, 2021

...I think the Swastika guy interaction has been taken out of context

Finally, I’d be remiss if I didn’t defend Monster on one thing. I saw some chatter on Twitter about a guy with a Swastika showing up to the meeting, and Monster saying, “Much love to you.” If you read the totality of the conversation, it’s clear that Monster doesn’t approve of this person’s actions and rhetoric.

....

In other #EpikFail twitter news::

https://twitter.com/x/status/1440599124013768709

https://twitter.com/x/status/1440613712314855424

...

https://twitter.com/x/status/1440605831737659405

...

https://twitter.com/x/status/1440605639231762432

 

[Beezy]

It is not clear!

He was trying to negotiate with people for his own personal reputation, and then someone came in to ruin his reputation and he PRETENDED for a moment that he didn't even know who he was, before he was all "oh, i know who you are, etc." He was flustered because it was blowing up his attempt at looking OK.

There is my professional opinion.

People's data has been secondary this entire time to that man.

 

[Beezy]

He was negotiating people editing his wikipedia page and huffington post article (in his mind), and then his philosophical buddy came in. Oops. You saw that play out.