NameSilo

Epik Had A Major Breach

Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021

Replies:
3,622
Views:
192,514

  1. Windoms

    Windoms Top Contributor VIP

    Posts:
    1,079
    Likes Received:
    1,896
    As of June 2020, GoDaddy had 20 million customers worldwide.
    Namecheap has nearly "2 million customers and subscribers"
    Godaddy is the #1 registrar, Namecheap is lightyears ahead of epik.
    So again, does anyone know how many user accounts are they on epik?
    They say this hack impacted 15 million people, customers and non-customers alike.
    But given Godaddy and Namecheap numbers, 110,000 could actually be the total number of epik customers.

    Godaddy
    Screenshot_20210927.jpg



    Namecheap

    Screenshot_20210927-1.jpg
     
    Last edited: Sep 27, 2021
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. oldtimer

    oldtimer Do some good for humanity and the environment VIP ★★★★★★★★★★

    Posts:
    3,828
    Likes Received:
    5,671
    Not trying to deflect, why should I,

    I don't have a horse in this race either way as my thoughts are not driven by politics or profits, just trying to do what is fair and right when it comes to safeguarding the consumer (Customers and Registrants).

    We can have a two track response to this situation where Epik is held accountable and reformed and for the Industry as whole to be made safer and more secure.

    IMO
     
  3. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,375
    Open another thread then. This thread is about Epik.

    I am certainly not aware of any other companies in blatant violation of PCI compliance. If you are, feel free to start a thread about it.

    Brad
     
    Last edited: Sep 27, 2021
  4. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,375
    When you consider Epik's total registrations, and that according to records only 2% of their transactions were over $10, and 50% were under $1... I don't think the actual customer base is likely all that large.

    You can tell via the numbers above that a large percent of their registration volume appears to be via some type of low-priced promotions.

    Brad
     
    Last edited: Sep 27, 2021
  5. astrade

    astrade Established Member

    Posts:
    27
    Likes Received:
    31
    We've received different emails apparently. Do you think that's because they have their hands on data and know which account passwords were present in the leak and which weren't?

    Here is an email I've received:
    https://www.namepros.com/threads/epik-had-a-major-breach.1252094/page-66#post-8408157
    (EDIT: Link wasn't working)
     
    Last edited: Sep 27, 2021
  6. Windoms

    Windoms Top Contributor VIP

    Posts:
    1,079
    Likes Received:
    1,896
    To me its evident.
    Godaddy 20 million customers.
    Namecheap 2 million customers.
    Those 2 being mega top registrars.
    A new guy like epik could have 110,000 total customers, which happens to be a lot, I would have thought less. But I guess theres active customers versus # of accounts.

    In other words.
    All of epiks customers data might have been leaked.
    Literally 100% of customers personal info.
    But that, they wont say.

    Because why would hackers only leak 110,000.
    Why not 10,000. 30,000. Or 100,000.

    I received the same email.
    Edit: same email ad @Silentptnr , yours I cant see.
     
    Last edited: Sep 27, 2021
  7. Derek Peterson

    Derek Peterson Restricted (15-30%) Gold Account

    Posts:
    323
    Likes Received:
    252

    Also, this data goes back 10 years so I am sure many of those accounts are long since dead. Huge percentage of people probably created account to look at interface or do one time purchase or transfer.
     
  8. oldtimer

    oldtimer Do some good for humanity and the environment VIP ★★★★★★★★★★

    Posts:
    3,828
    Likes Received:
    5,671
  9. kemjika11

    kemjika11 Top Contributor VIP ★★★★★★★★★★

    Posts:
    3,316
    Likes Received:
    2,206
    ....but he agrees in free speech for hate groups that cant get it anywhere else? Karma has come back to bite Epik, and from my initial post in this thread, i just wanna say - I WAS RIGHT.
     
  10. Windoms

    Windoms Top Contributor VIP

    Posts:
    1,079
    Likes Received:
    1,896
    There, 2021.

    Godaddy is the top registrar by domains under management.
    Namecheap is second.
    Then is a plethora of registrars.

    Godaddy has 76 million domains, 20 million customers.
    Namecheap has 12 million domains, 2 million "customers and subscribers".

    On DomainState theres a august 2020 chart where epik is #41 on the list with 600,000 or so domains.
    And that was before paypal and afternic.

    Epik, 600,000 domains. Majority of domains owned by domainers with many domains per account.
    Then input this data
    2% of their transactions over $10, and 50% were under $1. Domainers in action.

    I say theres 110,000 accounts at epik.
    Be it 600,000 domains, or 1,000,000.

    Screenshot_20210927-2.jpg

    Screenshot_20210927-3.jpg

    Screenshot_20210927-4.jpg
     
  11. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,375
  12. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,375
    Yes, I am not sure how I got an Epik account exactly. I didn't ever really choose to do business with them.

    I did purchase some domains from InTrust domains over a decade ago, before Epik bought them.

    InTrust domains used to spam potential domain buyers daily. If this data includes them, then a lot of these accounts could be one-off buyers from more than a decade ago.

    Who knows how many active customers they have.

    Brad
     
    Last edited: Sep 27, 2021
  13. Silentptnr

    Silentptnr Domains88.com VIP

    Posts:
    16,721
    Likes Received:
    48,280
    Yes, apparently there are two. Two separate articles on domaining .com outline each of the two. Not sure why they are slightly different.
     
  14. NicTraders

    NicTraders Top Contributor VIP Gold Account

    Posts:
    3,164
    Likes Received:
    1,485
    The Google Sheet linked to from this post indicates 12,120 organizations with domains registered. But the sum total is a bit under 325,000 domains. Well short of the 600k+ figure. So it seems that sheet is not complete by any means?...
     
  15. Derek Peterson

    Derek Peterson Restricted (15-30%) Gold Account

    Posts:
    323
    Likes Received:
    252

    Exactly but at least one person knows, Rob, but he probably won't say truth because then he would be in trouble for lying to the investor he claims just gave him $32,000,000 recently. I'm sure him investor will not be happy the actual active user count is closer to 10K. He is caught in his lies. House of lies gonna fall down on him from all directions.
     
  16. Bob Hawkes

    Bob Hawkes Top Member NameTalent VIP Gold Account Trusted Blogger

    Posts:
    7,864
    Likes Received:
    26,891
    I am not sure number of user accounts but number of domain names registered there, at least at date of this Dofo blog article, was about 880 thousand, making them the 50th on list of registrars.
    https://dofo.com/domain/registrars?page=2&page_size=25
    Now many have large numbers of domains, so you would expect not as many accounts.

    However, in a sense have a larger number of domain names 'under management' (I think Epik have in past used that term) because you could use their for-sale landers for domain names listed elsewhere.

    Also, names on NameLiquidate that are registered elsewhere are on their site.

    They may also have hosting or other service accounts without a domain name registered.

    Recall that, as I understand it, the breach held some data for up to 10 years, so someone who had a single domain there years ago would in a sense be in the impacted number.

    I have found it hard to follow all the claims, some of which have been written about by members of general press who don't understand certain aspects of whois, expiry, etc., but the number of people impacted would be expected to be higher than number of current users.

    Bob
     
    Last edited: Sep 27, 2021
  17. Magul

    Magul White Bread is Head VIP ★★★★★★★★★★

    Posts:
    2,632
    Likes Received:
    1,210
    Epik.com is innovating and I care not about anything else.
     
  18. Qc4

    Qc4 Established Member ★★★★★★★★★★

    Posts:
    172
    Likes Received:
    36
    Something interesting about the Epik hack that I haven't seen posted anywhere else is the fact that the database dump is incomplete. There is a main database where Epik stores most of the data for their registrar platform, but the dump ends abruptly about halfway through the tables. This is probably because the dump file was getting excessively large (over 100GB), and something went wrong with the process.

    According to Epik's registrar platform code, those documents are stored in the database. I'm guessing they are stored there forever based on what Epik does with other sensitive data. But since the data is incomplete (see above), that table was not included in the hack, so those documents were not exposed.
     
  19. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,375
    The problem is who knows.

    The hackers could have more as well.

    There should really be no situation where these type of ID documents are stored on normal, internet accessible servers. They should be in some type of non-accessible cold storage.

    Brad
     
  20. .X.

    .X. In God I Trust VIP ★★★★★★★★★★

    Posts:
    17,115
    Likes Received:
    21,603
    think of this .. it took Anonymous to hack the site .. which i believe was a paid hack .. that is my opinion … so with it taking Anonymous to hack the site .. could the hack have been tried by lessor hackers and they did not succeed??
     
  21. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,375
    Well, it is not like Anonymous is a hacking group with centralized leadership. It is decentralized collective.

    On a technical level, I think there are likely a large number of hackers that could have pulled if off, especially seeing the type of security protocols and measures Epik seemed to employ.

    Major companies deal with hacking attempts almost daily. This is more of a story about how Epik was breached so thoroughly because of the system design when it came to server structure, coding, security protocols, etc.

    Brad
     
    Last edited: Sep 27, 2021
  22. Windoms

    Windoms Top Contributor VIP

    Posts:
    1,079
    Likes Received:
    1,896
    Dear respectable Bob, are you claiming something, or just sharing some points?

    15 million impacted users, I dont believe the extreme vast majority was using any epik service, whether landers, hosting, nameliquidate, or whatever it may be. It was said multiple places since the breach "many of whom were not using epik at all". I think those contacts were just in the database for spam or some future plans.

    Whatever epik related service you use, landers, hosting, you need an account. Merge them altogether, everyone from the past 10 years, I find it hard to get to get to 100,000 users, given theres much bigger registrars out there.

    Namecheap is 2nd largest registrar with 2 million customers, and its clear that epik isnt even nearly 1/10th of namecheap.

    Epik has more noise surrounding the company than actual business.

    The 110,000 could be all customers from the last 10 years, it is possible.
     
  23. .X.

    .X. In God I Trust VIP ★★★★★★★★★★

    Posts:
    17,115
    Likes Received:
    21,603
    had the site had easier gateways .. I think the site would have been hacked by lessor than Anonymous IMO … although they work alone .. they do know each other to some extent .. even a couple of them have gotten married .. and divorced .. it’s not as complicated as it is made out to be ..
     
    Last edited: Sep 27, 2021
  24. noneisnone

    noneisnone 444 VIP

    Posts:
    2,763
    Likes Received:
    2,250
    am guessing the .co 0.99$ promotion
     
  25. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,375
    I mean it is made up of a relatively non-organized group of people. It is not like they have an official membership card. Obviously some people with similar interests, might know each other.

    Not every member of Anonymous is some tier 1 hacker. You clearly have many who are, but many more are supporters of the cause.

    The power of Anonymous is largely to do with the crowdsource aspect of that support.

    There are any number of hackers / groups out there with similar technical abilities.

    Brad
     
    Last edited: Sep 27, 2021

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
biix
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...