NameSilo

Epik Had A Major Breach

Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021

Replies:
3,625
Views:
193,080

  1. noneisnone

    noneisnone 444 VIP

    Posts:
    2,763
    Likes Received:
    2,251
    i would guess epik was a safe haven for people living under oppressive regimes makes you wonder if this leak is gonna cost people their lives in the literal sense ? 12 year old videos in syria of someone protesting is enough to get him the death penalty imagine a leak that indicate you run an opposition website sheeesh..
     
    Last edited: Sep 27, 2021
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. jmcc

    jmcc Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,005
    Likes Received:
    2,522
    Complying with court orders and subpoenas isn't exactly helping the Feds as such. It would, I think, be a legal requirement. Law enforcement agencies can make such requests under various pieces of legislation and a registrar in the US has to comply. Registrars in other jurisdictions would also have to comply with court orders in their jurisdictions. Perhaps some people with a greater knowledge of the US legal system can clarify the process for these requests/orders.

    Regards...jmcc
     
    Last edited: Sep 27, 2021
  3. Derek Peterson

    Derek Peterson Restricted (15-30%) Gold Account

    Posts:
    324
    Likes Received:
    252
    Exactly, that is my real issue with this whole thing. Rob is terrible human that should not ever be trusted.
     
  4. Derek Peterson

    Derek Peterson Restricted (15-30%) Gold Account

    Posts:
    324
    Likes Received:
    252
    I know it pretty well, as I stated in my post those are examples of actions with subpoenas, allegedly there are many, many more with no subpoena, just Rob getting back at people he doesn't like. I figured he was doing that and that is why I left many years ago when I saw him for what he is.
     
  5. noneisnone

    noneisnone 444 VIP

    Posts:
    2,763
    Likes Received:
    2,251
    @Derek Peterson i wouldn't go that far derek ^^ i personally like rob he was always super nice to me and helpful but that doesn't mean the breach never happened in my book or to shift the blame to someone else. epik made a huge mistake that will probably cost people more than money..
     
  6. Derek Peterson

    Derek Peterson Restricted (15-30%) Gold Account

    Posts:
    324
    Likes Received:
    252
    yes, but Rob has history of this. years ago he was touting a VPN that he claimed to own and had total control of and assured everyone they would be perfectly secure using his service. he was lying, it was a white label product that he was simply reselling. I called him out for it because I was worried about his users and he responded by calling me names, threatening me with court actions and even "judgement day" for simply telling the truth. He doesn't care about others. Be a man, just because he was "nice to you" doesn't mean he is a good guy.

    Edit by moderator: removed name calling and rule reminder sent.
     

    Attached Files:

    Last edited by a moderator: Sep 27, 2021
  7. oldtimer

    oldtimer Do some good for humanity and the environment VIP ★★★★★★★★★★

    Posts:
    3,829
    Likes Received:
    5,672
    You haven't contributed anything of value (or substance) that is relevant to these discussions.

    It's not your job to judge if my posts are on topic or not.

    If you believe that I have made an inappropriate post you can report it to the Mods and let them deal with it, but if you want to take it upon yourself to limit or curtail my right to participate in these discussions then it's your actions and posts that are going to be off topic and that are going to continue to interfere with the discussions in this thread.

    You don't need to reply if you are going to infringe on my rights further by trying to limit my participation in this forum.

    IMO
     
    Last edited: Sep 27, 2021
  8. Qc4

    Qc4 Established Member ★★★★★★★★★★

    Posts:
    172
    Likes Received:
    36
    It seems that the CC numbers were saved for logging suspicious and fraudulent transactions. It doesn't make sense to me why they need to store so much information about them (especially since their payment gateway likely has a copy of the data), but the data includes the first 4 digits and last 4 digits of the CC number, the expiration date, the CVV code, and the billing information about the user.

    There is another location that contains CC numbers (first 6 digits and last 4 digits), but it seems to be InTrust data from before the Epik acquisition. The transactions are only from 2009 and 2010.

    A third location contains full CC numbers, but there are only 16 of them, and they are also from around the same time period.

    Speaking of logs, it seems like a huge waste for Epik to store so much information for logging purposes. One table I see has almost 35 million entries. Do they really need to keep detailed logs from over 11 years ago?
     
  9. johnn

    johnn WeSellName.com PRO VIP ★★★★★★★★★★

    Posts:
    17,850
    Likes Received:
    8,325
    First - I think the topic here is:
    Epik Had A Major Breach
    We don't need to waste time to discuss how to help Epik or Rob.

    If they don't know how to run a business except Spamming everywhere then they will be out of business. This apply to any business not just the Registrars.
    Second - There are 2 types of hacking -
    - Using DDOS which bring massive traffic to the site to take the site down (which is not in this case)
    - Or going to the backdoor and download Customer Data and exposed them to the public or sell them to the black market. So the owner will not even know that the site is hacked until the hacker tells them.
    The site is running OK does not mean it's not being hacked.
    And a suggestion for someone who keep posting off-topic posts: You can go ahead and create a thread yourself and not coming here wasting time and confuse people.
     
    Last edited: Sep 27, 2021
  10. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,378
    Again, MAJOR violations when it comes to PCI compliance, especially related to the CVV codes.

     
    Last edited: Sep 27, 2021
  11. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,524
    Likes Received:
    8,436
     
  12. DN Playbook

    DN Playbook Established Member

    Posts:
    573
    Likes Received:
    974
    So your proof is that the site is up and running and it is accepting new customers and they are "working on it" and you "don't need to provide any damn evidence". Thanks for the news flash, sherlock. Wow everyone can go back to their business, nothing to see here folks. Sheesh.

    The hackers didn't crash the site. They downloaded a searchable database of private data. People's lives have already been affected according to investigative reports.
     
    Last edited: Sep 27, 2021
  13. Derek Peterson

    Derek Peterson Restricted (15-30%) Gold Account

    Posts:
    324
    Likes Received:
    252
    I have already heard of several people losing their jobs because of this EPIK Hack. Is a class action lawsuit against this Rob Monster, or EPIK possible? Assuming this hack wasn't an inside job, which I believe it was.
     
    Last edited: Sep 27, 2021
  14. Beezy

    Beezy Top Contributor VIP

    Posts:
    6,384
    Likes Received:
    2,321
    Does the carcass of Epik (and their customers) end up with Godaddy or Web.com in the end, i wonder.
     
    Last edited: Sep 27, 2021
  15. Embrand

    Embrand Top Contributor VIP ICA Member ★★★★★★★★★★

    Posts:
    1,603
    Likes Received:
    1,697
    Rob's TrustRatings (https://trustratings.com) also just copied the code from the huge review company TrustPilot (https://trustpilot.com), which I mentioned on NP several years ago and got me into a huge fight with him.

    By the way, Epik still gets great reviews on TrustRatings: https://trustratings.com/epik.com. Strangely, nearly all reviewers have done just that one review...

    I cannot condone hacking, but there is something not right about Robert Monster. And as expected, it all came crashing down.
     
    Last edited: Sep 27, 2021
  16. karmaco

    karmaco Top Contributor VIP

    Posts:
    3,245
    Likes Received:
    9,037
    who lost their jobs?
     
  17. Derek Peterson

    Derek Peterson Restricted (15-30%) Gold Account

    Posts:
    324
    Likes Received:
    252
  18. NicTraders

    NicTraders Top Contributor VIP Gold Account

    Posts:
    3,164
    Likes Received:
    1,486
    It would be better if you kept your posts factual. Epik did not release these details. Anonymous release the details. Yes, Epik left the details vulnerable, no doubt, but they did not release them at all. It's pretty clear you have rather a vendetta against Rob. That's up to you, but your contribution to this thread might be more valuable if you'd leave some of the personal remarks about him out of this.
     
  19. eternaldomains

    eternaldomains Established Member

    Posts:
    494
    Likes Received:
    337
    Isn't this something that many registrars do? That "save your credit card for easier future transactions"? Good thing I don't use Porkbun anymore, they force you to to have at least 1 saved and if removal is wanted, you have to contact them. Aren't almost all registrars considered as violators of this rule?
     
  20. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,378
    Saving your credit card information is not necessarily a violation. Many websites do it.

    Epik's issue is a combination of things. The info was saved in a non-secure manner, with numbers, names, expirations, cvv, billing info.

    But the big issue is the storage of CVV codes. It is an absolute no-no when it comes to PCI compliance.

    First of all companies are not required to use a CVV code to bill a credit card. They often use it as a security measure against fraud and because it generally results in lower transaction fees.

    Many companies will require the CVV code the first time, as a security measure to mitigate risk.

    However, it is absolutely not allowed to store this information, which is something Epik was apparently doing.

    What are the PCI compliance rules for CVV storage?

    “(3.2.2.) Do not store the card verification code or value (three-digit or four-digit number printed on the front or back of a payment card used to verify card-not-present transactions) after payment processing authorization is complete.”

    [​IMG]
     
    Last edited: Sep 27, 2021
  21. DAN.COM

    DAN.COM Domain Marketplace Dan.com Staff VIP Gold Account

    Posts:
    926
    Likes Received:
    4,023
    No online platform that takes card payments serious stores it locally. At Dan for example, we store zero card information in our own database. We pass the information to Adyen and they store it as they are the experts in keeping that data safe. So having your card information stored somewhere isn't the problem but how and by whom it's stored is important to know.
     
  22. carob

    carob Top Contributor VIP ★★★★★★★★★★

    Posts:
    3,869
    Likes Received:
    5,403
    https://stripe.com/gb/guides/pci-compliance


     
  23. carob

    carob Top Contributor VIP ★★★★★★★★★★

    Posts:
    3,869
    Likes Received:
    5,403
    There are serious penalties for PCI non-compliance

    https://www.pcicomplianceguide.org/faq/#15

     
    Last edited: Sep 27, 2021
  24. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,131
    Likes Received:
    11,038
    Porkbun, they really force you to have CC on file???
    I use it for years via PayPal.
     
  25. Rhinnnn

    Rhinnnn Established Member

    Posts:
    472
    Likes Received:
    964
    Porkbun doesn't force you to do anything. But if you choose to save your card details they do that securely (see above posts regarding saving card info). Porkbun is run by people who actually know what they're doing.

    Putting Porkbun next to Epik is like putting a Tesla next to a toy car that doesn't even work properly as a toy.
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
biix
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...