NameSilo

Epik Had A Major Breach

Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021

Replies:
1,633
Views:
87,896

  1. Samer

    Samer Restricted (15-30%)

    Posts:
    11,237
    Likes Received:
    21,896
    These people are as much “activists” as gorilla mask women that threw an egg at Larry Elder.

    Samer
     
    Last edited: Sep 15, 2021
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. Finest

    Finest Top Contributor VIP

    Posts:
    2,508
    Likes Received:
    2,011
    Epik's continuing silence is more concerning than the claims. It's fueling speculation.

    If the incident is a data theft breach, then systems remain intact. They will continue to work normally. In many similar cases, the victim first knows about the attack when the attacker exposes the stolen data or announces the attack (sounds familiar?)
     
    Last edited: Sep 15, 2021
  3. Samer

    Samer Restricted (15-30%)

    Posts:
    11,237
    Likes Received:
    21,896
    My people downloadin the data as we speak

    Still call bluff.

    P.S. No domains lost by epik. Still Zero! Nada

    Samer
     
    Last edited: Sep 15, 2021
  4. equity78

    equity78 Top Member TheDomains Staff TLDInvestors.com PRO VIP ★★★★★★★★★★

    Posts:
    16,495
    Likes Received:
    24,533
    Who’s Financially Responsible for Cybersecurity Breaches?
    [​IMG] by Kayla Matthews on September 17, 2019
    As networks become less secure and the data stored on the cloud becomes more valuable, cybersecurity breaches are becoming both more expensive and more frequent. In the first six months of 2019 alone, data breaches compromised more than 4.1 billion records.

    Cybersecurity experts and IT workers can’t prevent every breach, but in some cases, it’s clear the appropriate steps weren’t taken to protect data. The cost of the breaches raises the question: Who should pay when a customer’s data gets stolen?

    What Does the Law Say?
    The current legal framework regarding data breaches isn’t particularly detailed. Beyond laws requiring disclosure of data breaches to affected customers, there are only a few laws governing who is responsible for a data breach.

    Under current law, the data owners—the firm or organization that is storing user data—are responsible for data breaches and will pay any fines or fees that are the result of legal action.

    The data holder—the organization that provides the cloud storage service—can’t usually be legally implicated or held responsible. If a data breach occurs, the data holder must notify the data owner, but not much else beyond that.

    A data owner’s level of liability depends on what safeguards it was taking to protect user data. Failing to control network access or not encrypting user data, for example, will make a data owner more liable for the damages caused by the breach. A data owner also can be held responsible for not informing affected customers soon after a breach occurs.

    Most international laws governing data privacy and breaches are similar: Both Japan’s APPI and the EU’s GDPR require companies to take measures to defend customer data and notify customers in the case of a breach.

    https://securityboulevard.com/2019/09/whos-financially-responsible-for-cybersecurity-breaches/
     
  5. TheBaldOne

    TheBaldOne Top Contributor VIP Gold Account ★★★★★★★★★★

    Posts:
    2,499
    Likes Received:
    1,598
    The 'silence' is indeed annoying, but if at the advice of law enforcement or security then should Epik ignore such advice? I personally think not.


    But we are not in a situation of Epik not knowing of this supposed attack are we. Well before now certain actions to protect the system would have been implemented - but no change has been identified by anyone.
     
  6. Finest

    Finest Top Contributor VIP

    Posts:
    2,508
    Likes Received:
    2,011
    No they shouldn't. But I doubt law enforcement would advise against a "we are aware of this goddamn thing and we are looking into it" kind of statement. The absolute silence is what provokes suspicions, I think.
     
  7. MadAboutDomains

    MadAboutDomains Top Contributor VIP ★★★★★★★★★★

    Posts:
    3,654
    Likes Received:
    2,333
    To be fair, some companies keep quiet about data breaches for years or never tell anyone. Pretty sure Facebook took ages to reveal the extent of theirs, but don't quote me on it. Not that that helps the situation...

    I just assume every website has been hacked, it wouldn't stop me using a company. I'd even say that those companies that have been affected by this kind've thing are probably going to be even more careful afterwards if there are issues.

    Put your phone number or email into https://haveibeenpwned.com/ and prepared to be horrified.
     
    Last edited: Sep 15, 2021
  8. equity78

    equity78 Top Member TheDomains Staff TLDInvestors.com PRO VIP ★★★★★★★★★★

    Posts:
    16,495
    Likes Received:
    24,533
    I agree with you if it's at the advice of law enforcement, but Epik's legal counsel has to be coming back at them as well, to make clear, "Look if we continue to wait, we can be sued big time, possibly out of business, Epik is not Google or Apple.

    A data owner’s level of liability depends on what safeguards it was taking to protect user data. Failing to control network access or not encrypting user data, for example, will make a data owner more liable for the damages caused by the breach. A data owner also can be held responsible for not informing affected customers soon after a breach occurs.

    As someone else pointed out a good lawyer can show damages to each person with names on Epik landing page who believes a lack of trust has harmed his or her ability to make sales at Epik or as a result of Epik landing pages.

    This is getting very complicated. Because if that data was not encrypted?
     
  9. equity78

    equity78 Top Member TheDomains Staff TLDInvestors.com PRO VIP ★★★★★★★★★★

    Posts:
    16,495
    Likes Received:
    24,533
    Facebook, Inc. will pay a record-breaking $5 billion penalty, and submit to new restrictions and a modified corporate structure that will hold the company accountable for the decisions it makes about its users’ privacy, to settle Federal Trade Commission charges that the company violated a 2012 FTC order by deceiving users about their ability to control the privacy of their personal information.
     
  10. equity78

    equity78 Top Member TheDomains Staff TLDInvestors.com PRO VIP ★★★★★★★★★★

    Posts:
    16,495
    Likes Received:
    24,533
    The year 2019 has already seen organizations slammed with sizable fines and settlements for security incidents or misusing customers’ information. Ever since GDPR was launched, data regulators are getting more serious about companies that are not serious about consumer data protection.

    According to a report from IBM, the average cost of a data breach has increased to US$ 3.92 million, which is a 1.6 percent increase in costs in 2018 and a 12 percent rise over the last five years.

    Cyber-attacks, data thefts, weak security, mistakes, and cover-ups have cost these companies a huge fortune.


    https://cisomag.eccouncil.org/6-times-data-regulators-churned-out-high-penalties-in-2019/
     
  11. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,866
    Likes Received:
    10,740
    If fake attack - why slowness yesterday?
    I don't believe: that their platform is so weak in terms of load, where even own customers can affect it...
     
    Last edited: Sep 15, 2021
  12. Samer

    Samer Restricted (15-30%)

    Posts:
    11,237
    Likes Received:
    21,896
    Facebook made $100B profit.
     
  13. equity78

    equity78 Top Member TheDomains Staff TLDInvestors.com PRO VIP ★★★★★★★★★★

    Posts:
    16,495
    Likes Received:
    24,533
    Now Wikipedia updated it

    Alleged hack
    The hacktivist group Anonymous claimed in a September 13, 2021 press release that they had gained access to "a decade's worth of data" belonging to Epik that included domain registration and transfer details, passwords, all of Epik's customers' account credentials, logins, and payment history.[22] The Distributed Denial of Secrets (DDoSecrets) organization announced later that day that they were working to curate the allegedly leaked data for public download, and said that it consisted of "180 gigabytes of user, registration, forwarding and other information".[23]

    Epik's CEO wrote on Twitter that the alleged hack was a "non-story" and a "nothingburger",[22] and the company subsequently told Gizmodo they were "not aware of any breach".[23]

    https://en.wikipedia.org/wiki/Epik_(company)
     
  14. equity78

    equity78 Top Member TheDomains Staff TLDInvestors.com PRO VIP ★★★★★★★★★★

    Posts:
    16,495
    Likes Received:
    24,533
    Yeah that's fantastic we are talking about companies and their responsibilities and getting sued over data breaches. Epik did not make $100B
     
  15. Lox

    Lox _____ VIP

    Posts:
    3,777
    Likes Received:
    6,917
    They (persons behind the (supposedly) #ak are running a guerrilla type of campaign. Nothing yet about DB, still hanging in the air. Because there is something that it is like to be fake news ... I'm going to stay on the "E is not #aked" side for now.

    Another thing ... for about 10 min the Lolz did this .... archive.today

    epkahv.jpg

    fake (level 1 engineering)

    11111.jpg
     
    Last edited: Sep 15, 2021
  16. Samer

    Samer Restricted (15-30%)

    Posts:
    11,237
    Likes Received:
    21,896
    Wikipedia is having wet dreams on it —This company has the worst bias against em

    There is no oversight of epik’s page;
    it’s hijacked by activists…
     
    Last edited: Sep 15, 2021
  17. equity78

    equity78 Top Member TheDomains Staff TLDInvestors.com PRO VIP ★★★★★★★★★★

    Posts:
    16,495
    Likes Received:
    24,533
  18. MadAboutDomains

    MadAboutDomains Top Contributor VIP ★★★★★★★★★★

    Posts:
    3,654
    Likes Received:
    2,333
    How did they manage to get archive.today to archive a page that didn't exist? Or did it exist?
     
  19. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,866
    Likes Received:
    10,740
    So nobody with Gigabit connection to download this torrent and to check it? Fake or real data...
     
  20. equity78

    equity78 Top Member TheDomains Staff TLDInvestors.com PRO VIP ★★★★★★★★★★

    Posts:
    16,495
    Likes Received:
    24,533
    Data Breach vs. Cyber Liability Insurance: Is there a Difference?


    If you’ve ever looked into protecting your business from cyberattacks, you have probably heard the terms data breach insurance and cyber liability insurance. Since they are often used interchangeably, many tend to confuse the two.

    Is there actually a difference? Yes. Simply put, cyber liability insurance covers monetary losses from a breach AND provides legal protection. Data breach insurance only protects your financial interest.

    Let’s take a deeper look at each type of coverage to get a clear understanding of the differences between the two. We’ll also discuss what you should consider when looking for protection against a cyberattack.

    https://www.dhia.com/blog/data-breach-vs-cyber-liability-insurance-is-there-a-difference/
     
  21. equity78

    equity78 Top Member TheDomains Staff TLDInvestors.com PRO VIP ★★★★★★★★★★

    Posts:
    16,495
    Likes Received:
    24,533
    I would really like to hear from who I think are the two of the top smartest people on these topics on this forum, @Paul @Michael
     
  22. equity78

    equity78 Top Member TheDomains Staff TLDInvestors.com PRO VIP ★★★★★★★★★★

    Posts:
    16,495
    Likes Received:
    24,533
    Maybe @Lox
     
  23. Lox

    Lox _____ VIP

    Posts:
    3,777
    Likes Received:
    6,917
    My CS team confirmed, - it is known that the Archive (is) is being used as a disinfo hub for .... years. The easiest way was/is to manipulate screenshot metadata (f.e. jpg/png source code) but also there's injecting the fw code (no further info) ...
     
    Last edited: Sep 15, 2021
  24. Lox

    Lox _____ VIP

    Posts:
    3,777
    Likes Received:
    6,917
    Still hanging on 5.8% ... for hours. The examples doesn't look like there's something "important". You can easily collect SSH dnssec and other public keys and in-out dn transfer/movement data . That's mostly "good-natured" data.
     
    Last edited: Sep 15, 2021
  25. carob

    carob Top Contributor VIP ★★★★★★★★★★

    Posts:
    3,835
    Likes Received:
    5,277
    The Swiss Cheese of domains?
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
NameWorth
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...