NameSilo

Epik Had A Major Breach

Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021

Replies:
3,623
Views:
192,645

  1. wwwulff

    wwwulff Top Contributor VIP

    Posts:
    2,097
    Likes Received:
    5,993
    Maybe it's just me who does not understand it, but what is this guy's agenda to publish the leaked emails and make them even more widely known?
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,506
    Likes Received:
    8,396
    @DAN.COM
    @Sedo
    @Joe Styler

    Your Escrow accounts at Epik may be compromised.
     
    Last edited: Sep 28, 2021
  3. Frans Citroën

    Frans Citroën Top Member PRO VIP

    Posts:
    1,663
    Likes Received:
    2,220
    I get your point, on the other hand we can make people aware of the situation and make them change their emails/passwords etc. before bad actors compromise people's accounts with this info, which is already circulating everywhere.

     
    Last edited: Sep 28, 2021
  4. sonatime

    sonatime Top Contributor VIP Gold Account ★★★★★★★★★★

    Posts:
    3,754
    Likes Received:
    10,922
    This thread has sewered and needs attention from mods. Sharing hacked data and suggesting to exploit it? That's heroism
     
  5. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,376
    Sometimes you just gotta make the best of a bad situation - jokes, sarcasm, parody, satire, mockery, etc.

    Let's wait to hear from Rob then, since they have gone radio silent.... crickets.

    Brad
     
    Last edited: Sep 28, 2021
  6. Derek Peterson

    Derek Peterson Restricted (15-30%) Gold Account

    Posts:
    323
    Likes Received:
    252
    My info there as well.
     
  7. Derek Peterson

    Derek Peterson Restricted (15-30%) Gold Account

    Posts:
    323
    Likes Received:
    252
    What guy?
     
  8. jmcc

    jmcc Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,003
    Likes Received:
    2,518
    Yep but this event may be the subject of a criminal investigation. It might be problematic for Epik employees to comment on it.

    Regards...jmcc
     
  9. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,506
    Likes Received:
    8,396
    Maybe. Or priority was given to video meetings.
     
  10. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,376
    That very well might be true, but others are working to fill in a lot of the gaps in the meantime.

    Brad
     
  11. cbd

    cbd Top Contributor VIP Gold Account

    Posts:
    2,373
    Likes Received:
    1,306
    FWIW, posting hacked materials may (depending on the circumstances) be against Twitter TOS and can be reported.

    https://help.twitter.com/en/rules-and-policies/hacked-materials

    It's a pretty weak policy tbh, but if your information has been posted inappropriately, you can report it.


    It's a shame that some folks feel empowered to post innocent users' data, users who have nothing to do with the dark side of Epik's activities.
     
    Last edited: Sep 28, 2021
  12. jmcc

    jmcc Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,003
    Likes Received:
    2,518
    That wasn't the best of decisions but the thinking may have been that something had to be done.

    Regards...jmcc
     
  13. jmcc

    jmcc Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,003
    Likes Received:
    2,518
    Yep and even with the data that's been published there's a lot of speculation.

    Regards...jmcc
     
  14. Start

    Start Established Member

    Posts:
    208
    Likes Received:
    309
    Yeah, this is insane! How foolish can this "researcher" be? He seems like he's the bad stereotype of a computer programmer who has no sense of moral and ethical aspects and responsibilities.

    Just because you have the technical capability of doing something doesn't mean that you should. It's bad enough that the info was in the hacked database (but difficult to see info), but it's even worse when this guy purposely puts it into a simple spreadsheet and publicizes it.

    He's violating people's privacy by publishing details on (doxxing) every single Epik customer... thousands of innocent people!

    And almost 14,000 of the people (out of 24,000) on the list only have 1 domain with Epik. A lot are probably companies/people who simply bought a domain from someone else, and they happened to use Epik's sale system.

    To the "researchers" reading this, you need to understand some important points:

    As I detailed here:
    https://www.namepros.com/threads/epik-had-a-major-breach.1252094/page-68#post-8408613

    1) Most Epik customers (I would say 99%) are just regular people and companies.

    2) Until about early 2019, I don't think Epik really even had any controversies. It was just considered another registrar.

    3) People transferred or registered a lot of domains to/with Epik because of the low prices, excellent support, and the useful system they have for selling domains. Those were in place years ago, before the controversies in the past ~2 years.

    4) And the #2 guy at Epik (Joseph) for years was actually a somewhat left-wing atheist (opposite of Rob). And I would objectively say that Rob and the staff are pretty nice in general interaction (the staff are also multicultural), so one wouldn't have expected how things went. But after the controversies started in 2019, that's apparently when Joseph left later that year. But a lot of customers already had a lot of domains at Epik by then.

    5) And some registrars' control panels make it a hassle and a bit time-consuming to transfer domains out in bulk... and Epik is one of those. They're maybe average on that measure, but I think you have to do them one at a time, and that time adds up. That aspect is why there's a general tendency (at any registrar) for people to keep domains wherever they're already at.
    ...That's why I can see one example of someone who publicly parted ways with Epik, but still has a lot of domains there. And I even see companies that have had public disputes (over a year ago) with Epik in the list, and yet even they still had domains there as of February.
    ...For bulk accounts that had the special "Namepros pricing", Epik only got 7cents in profit ($0.07) per .com domain renewal, so it's not like Epik was getting funded by those customers anyway.

    6) Most people wouldn't know about Epik's controversies. I periodically visit NamePros, and I didn't even know some of the stuff I've read in this thread.

    So frankly, publicizing people's private information is irresponsible -- especially when so many "researchers" have incited/created a confused mob by acting as if 90%+ of Epik's customers are neo-nazis, when those are just a tiny fraction
    (any fraction is too big, but realize that the vast majority of customers are just regular people).

    It reminds me of Timberland clothing -- it became a trend for "chavs" (basically UK riff raff) to wear it, but most people who wear it are just regular people. If a bunch of chavs do something bad, it doesn't make sense to list every single person who bought Timberland clothing!


    (Also, for Twitterati reading this, I'm no right-winger saying that, I'm just pointing out some facts. I'm someone who considers even the US Democratic Party to be somewhat right-wing, as I also wrote months ago here too: https://www.namepros.com/threads/br...h-of-his-domains.1230431/page-23#post-8191759 )

    @Molly White You're the only one I've seen here (or at least who I remember) who is also active with the researchers on Twitter. So I hope you can relay this info to the guy who violated people's privacy by posting details on every single Epik customer. He's doxxing thousands of innocent people.
     
    Last edited: Sep 28, 2021
  15. Silentptnr

    Silentptnr Domains88.com VIP

    Posts:
    16,721
    Likes Received:
    48,280
    Actually, @bmugford has been a great contributor to this thread. I feel you are being disrespectful considering you recently joined the thread.
     
  16. Silentptnr

    Silentptnr Domains88.com VIP

    Posts:
    16,721
    Likes Received:
    48,280
    I would agree a comment like the one you pointed out could be moderated.
     
  17. Derek Peterson

    Derek Peterson Restricted (15-30%) Gold Account

    Posts:
    323
    Likes Received:
    252
    Several of my posts have been removed because Rob Monster shills keep reporting them so let me restate my position on page 70.

    Epik's security was so poor that I believe this hack was an inside job, meaning someone at EPIK intentionally left the doors open so the data could be "hacked".

    EPIK's VP Robert Davis seems like he is deeply entrenched in intelligence agencies and those types love to get this kind of data of right wing activists. He is also cryptologist expert, so I find it odd EPIK had such poor security in place, and by odd I mean suspicious.

    Using 3rd parties to "hack" data is an easy way for FBI to get access to the data AND be able to use it to prosecute people for "crimes" such as hate speech or colluding on Jan 6th or whatever. If they took it themselves it would not be admissible in a trial but now that it is public they can. Gab recently pulled the same stunt when they added a ridiculous sql injection vulnerability to their code by "accident" and were hacked and all user data was also published online.

    We know the FBI has been in frequent communications with EPIK and Rob this year, probably because of all the Jan 6th drama because several internal communications were also leaked as part of this "hack".

    I have known Rob Monster for many years and I have seen him lie and manipulate many, many times. He uses Christianity to get people to put down their defenses so he can manipulate them. (I am a born again, Bible believing Christian).

    However, if this was just an incredible example of incompetence the fact of the matter is that it was brought about because Rob Monster has a long history of not caring about user privacy or security as demonstrated when he launched a fake VPN several years ago, claiming to own it when in fact it was actually a white label that he had no control over. When confronted with this fact he threatened me and others with court actions or even physical harm, tried to get me banned everywhere (including on this site) and slandered me by calling me all sorts of names ON THIS SITE, which was never removed, although I don't report such things because I am a man.

    In conclusion, whether this hack was intention or just incompetence, the bottom line is that Rob Monster and EPIK should not be trusted if you are someone doing sensitive things that could put you in jeopardy if your info is revealed.
     

    Attached Files:

  18. noneisnone

    noneisnone 444 VIP

    Posts:
    2,763
    Likes Received:
    2,251
    @Derek Peterson you have so much information we thank you for providing us with it but if you can let go of the condescending and belittling comments am sure no one would mind your posts matter of fact they will appreciate it

    the aggressive comments in regards to rob makes it seem personal which takes the light off the information you provide
     
    Last edited: Sep 28, 2021
  19. Shackleton

    Shackleton Established Member ★★★★★★★★★★

    Posts:
    204
    Likes Received:
    286
    Does anybody know if Epik had cyber insurance? Maybe they are too small to carry this coverage.
     
    Last edited: Sep 28, 2021
  20. Derek Peterson

    Derek Peterson Restricted (15-30%) Gold Account

    Posts:
    323
    Likes Received:
    252
    I am doing the best I can but I am not a robot. People are going to have their lives ruined because of this "hack", some will be killed. Perhaps you should care a little more about others.
     
  21. Derek Peterson

    Derek Peterson Restricted (15-30%) Gold Account

    Posts:
    323
    Likes Received:
    252
    I would be surprised if they didn't have errors and omissions insurance but sue them anyway ;)
     
  22. noneisnone

    noneisnone 444 VIP

    Posts:
    2,763
    Likes Received:
    2,251
  23. sonatime

    sonatime Top Contributor VIP Gold Account ★★★★★★★★★★

    Posts:
    3,754
    Likes Received:
    10,922
    Fair enough, maybe without context, it sounded out of place. I would have preferred the thread to be informative, as many of us would like to keep up and learn from this. Epik not commenting is probably par the course in times like these. That being said, anything with Epik turns to politics and fringe hate stuff and culminating in domainers posting criminally obtained doxxed info of other domainers in the thread. No self filter, no critical thought, only enthusiasm.

    Not long ago, Brad was anti doxxing, law violations, TOS violations when it came to abortion sites etc., but when doxxed info arrived here in the thread, it was a smiley face.
     
  24. topdom

    topdom Top Contributor VIP

    Posts:
    1,683
    Likes Received:
    1,427
    One way to hack sites, I suspect... Whoever controls SSL system may steal lots of login info. To get a working SSL cert, you need to pass through a few companies, otherwise browsers won't recognize those certs as valid. Those few companies can sniff traffic and steal critical data...(I may be totally wrong..because I'm naive in this topic), I mean, they would have a backdoor to decode data. Self-signed certs would be safe to a company but maybe not look safe to others, and those elite SSL companies may take advantage of this situation, and a site with self-signed certificate looks unsecure (browser warning), while nonssl sites may look ok.
     
    Last edited: Sep 28, 2021
  25. carob

    carob Top Contributor VIP ★★★★★★★★★★

    Posts:
    3,868
    Likes Received:
    5,401
    Someone else now raising the tax angle:

     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
NameWorth
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...