NameSilo

Epik Had A Major Breach

Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021

Replies:
3,627
Views:
193,495

  1. noneisnone

    noneisnone 444 VIP

    Posts:
    2,763
    Likes Received:
    2,251
    @Derek Peterson heya derek not taking sides here since i don't know the backstory or the history you guys have but the screenshots you provided show no proof of threat or am i missing something ?
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. Derek Peterson

    Derek Peterson Restricted (15-30%) Gold Account

    Posts:
    324
    Likes Received:
    252
    Rob was claiming that he "owned" and "controlled" a VPN service and was promising everyone total privacy and security but it was in fact a white label he was reselling for which he NO control over at all.
     
  3. Pazu

    Pazu Established Member

    Posts:
    569
    Likes Received:
    1,178
  4. Derek Peterson

    Derek Peterson Restricted (15-30%) Gold Account

    Posts:
    324
    Likes Received:
    252
    It sure would be suspicious if one of EPIK's owners was a LIBERAL civil rights guy whose family is fighting against the male patriarchy and racists. Imagine if an owner of EPIK was married to [redacted], who is the daughter or [redacted]. Well now, that would sure be suspicious.

    https://web.archive.org/web/20190511074513/https://www.epik.com/about/directors/

    Edited by moderator: removed the names of someone's family members. Internal ref: /c/3239481/
     
    Last edited by a moderator: Oct 9, 2021
  5. NicTraders

    NicTraders Top Contributor VIP Gold Account

    Posts:
    3,164
    Likes Received:
    1,486
    I am surprised at how few domains you need, to be inside their top 50 clients. I had expected a lot more Epik domainers to have over 1,000 domains.
     
  6. Kingslayer

    Kingslayer Top Contributor VIP

    Posts:
    2,137
    Likes Received:
    5,709
    I was just thinking about what happens if a domain registrar goes out of business, I’ve never known it in my 6 years investing in domains, so I am curious what happens if Epik go out of business (I have no reason to believe they are).

    What happens to people’s assets within that company? Would they have to give customers a certain amount of time transfer out? What would happen to customers’ assets if they don’t transfer out upon closure?
     
    Last edited: Sep 26, 2021
  7. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,131
    Likes Received:
    11,038
    In case of their termination by ICANN - all domains will be moved to another accredited registrar automatically, except ccTLDs.
    And that's all.
     
    Last edited: Sep 26, 2021
  8. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,378
    It has happened in the past. Registrars have gone out of business and been de-accredited by ICANN.
    The domains will be transferred to another registrar.

    However, that only covers the domains themselves.

    If you have others assets in a company, for instance in Epik's case Masterbucks, that is not going to be covered by ICANN. It is probably not likely to be covered by anyone.

    If a business was to fold you normally end up in the line with others creditors; usually near the back of the line.

    Brad
     
    Last edited: Sep 26, 2021
  9. CraigD

    CraigD Top Contributor VIP

    Posts:
    4,840
    Likes Received:
    11,381
    I can't see that happening in this case.

    I was using Registerfly when they imploded in 2007.

    ICANN took a while to act, but eventually domains were provided a Server-Delete-Prohibited status as many were expiring and could not be renewed at Registerfly.

    GD took over the portfolio and customers. The transfers were done automatically and organised by ICANN if I remember correctly.
    https://en.wikipedia.org/wiki/RegisterFly

    EDITED.
     
    Last edited: Sep 26, 2021
  10. oldtimer

    oldtimer Do some good for humanity and the environment VIP ★★★★★★★★★★

    Posts:
    3,829
    Likes Received:
    5,672
    When Epik became an accredited registrar didn't they have to pass certain tests and evaluations as far as their security protocols go and if they passed and got their accreditation then ICANN might consider Epik to be more of a victim than a villain as far as them getting hacked now (just saying).

    IMO
     
    Last edited: Sep 26, 2021
  11. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,131
    Likes Received:
    11,038
  12. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,378
    I am not really sure how much vetting ICANN does as far as that goes, especially on an ongoing basis after accreditation.

    ICANN has terminated the accreditation of several registrars for a variety of reasons, but it is usually for blatant violation of policies. There certainly could be some in this case, but really we are in uncharted waters with the size and scope of this data breach when it comes to a registrar. Nothing has ever come close to this.

    I expect something to come from ICANN at some point, but who knows what it will be. They are usually extremely slow to act on anything.

    Brad
     
    Last edited: Sep 26, 2021
  13. Kingslayer

    Kingslayer Top Contributor VIP

    Posts:
    2,137
    Likes Received:
    5,709
    If that 'automatically' happens, Epik are known for allowing domains that no other domain registrar will touch, I'm curious how 'automatically' will work then.
     
    Last edited: Sep 26, 2021
  14. oldtimer

    oldtimer Do some good for humanity and the environment VIP ★★★★★★★★★★

    Posts:
    3,829
    Likes Received:
    5,672
    Perhaps ICANN can start by reevaluating all the security protocols across the board at all the Registrars and Registries.

    The fact that Epik has gotten hacked has made certain flaws in their system to come to everyone's attention, but who's to say that the same flaws (or even worse) don't exist at other registrars.

    This could become a learning experience for the Industry as a whole to patch up all the security holes.

    And while they are at it ICANN should also make sure that everyone's business practices are fair and above board.

    IMO
     
    Last edited: Sep 26, 2021
  15. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,528
    Likes Received:
    8,449
    Last edited: Sep 26, 2021
  16. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,528
    Likes Received:
    8,449
    It doesn't work this way. The interests of the registrants are paramount.
     
    Last edited: Sep 26, 2021
  17. oldtimer

    oldtimer Do some good for humanity and the environment VIP ★★★★★★★★★★

    Posts:
    3,829
    Likes Received:
    5,672
    So then lets reform the whole Industry to make sure that the interests of the registrants are protected across the board when it comes to security and certain unfair business practices by the Registrars and Registries that ICANN has been closing its eyes on thus far.

    IMO
     
  18. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,467
    Likes Received:
    4,426
    Formally, all the termination reasons are included into the Accreditation Agreement. If Epik complies - they should not be terminated. Most notably, they should pay what they owe to ICANN, provide operational whois, etc.

    Less formally, should ICANN decide to terminate a registrar - they will. As simply as this. There were 2 cases I remember. One case - estdomains. As per the Agreement, Registrar may be terminated if it "is disciplined by the government of its domicile for conduct involving dishonesty or misuse of funds of others". Even though this or something similar happened with their CEO(?) as a natural person, and even though estdomains provided paperwork showing that the CEO leaved the company, their accreditation was still terminated.

    Another case - I do not remember an exact name, it was an Indian registrar which, as ICANN suggested, was a safe heaven for TM domains. ICANN found a "smart" scheme involving Indian courts, so that lost UDRPs were never practically applied. Even though said registrar was still in formal compliance with the Agreement - ICANN terminated them.

    Registrar Accreditation Agreement:

    https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en
     
    Last edited: Sep 26, 2021
  19. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,131
    Likes Received:
    11,038
  20. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,528
    Likes Received:
    8,449
    I see you mention this in every thread. For this, you have to attend ICANN meetings and start from there. Wish you good luck (y)
     
    Last edited: Sep 26, 2021
  21. oldtimer

    oldtimer Do some good for humanity and the environment VIP ★★★★★★★★★★

    Posts:
    3,829
    Likes Received:
    5,672
    I am guided by Logic and Compassion as that is at the core of my philosophy (or religion if you want to call it that).

    Logic says that we should use this occasion to fix all the security flaws and unfair and improper business practices across the board and Compassion says that we should seek to Reform rather than to Destroy.

    IMO
     
    Last edited: Sep 26, 2021
  22. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,131
    Likes Received:
    11,038
    I'm 100% sure, that ICANN wasn't aware of plain text or MD5 on Epik, they couldn't even imagine it.
     
  23. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,528
    Likes Received:
    8,449
    The current (2013) Registrar Accreditation Agreement has this paragraph. I'm not sure if Epik with its IANA Registrar ID falls under this "2013" agreement, but proactively informing ICANN in the event of such a major breach can never be wrong, I presume.

    3.20 Notice of Bankruptcy, Convictions and Security Breaches. Registrar will give ICANN notice within seven (7) days of (i) the commencement of any of the proceedings referenced in Section 5.5.8. (ii) the occurrence of any of the matters specified in Section 5.5.2 or Section 5.5.3 or (iii) any unauthorized access to or disclosure of registrant account information or registration data. The notice required pursuant to Subsection (iii) shall include a detailed description of the type of unauthorized access, how it occurred, the number of registrants affected, and any action taken by Registrar in response.

    https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en
     
    Last edited: Sep 26, 2021
  24. jmcc

    jmcc Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,005
    Likes Received:
    2,522
    There is a whole set of evaluations and conditions that have to be met before a business can become an ICANN registrar. Technically, Epik is a victim in this situation as are its customers and those affected by the WHOIS scraping. As long as Epik was conforming to ICANN policies and paying fees, then there was no problem with its accreditation. ICANN does take action against rogue registrars. The first step is usually a breach notice. After negotiations, it may be escalated to a termination with the gTLDs being shifted in bulk to other registrars.

    With ccTLDs, it may be more complex. If Epik is an accredited registrar in the ccTLD, then there would be a transfer procedure if it lost its accreditation. Some of the ccTLD domain names on Epik may have been registered through ccTLD registrars or registration as a service operators like Tucows.The talk about Epik losing its ICANN accreditation is a bit premature.

    Regards...jmcc
     
  25. jmcc

    jmcc Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,005
    Likes Received:
    2,522

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
biix
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...