
Epik Had A Major Breach

Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021

Replies:
3,622
Views:
192,596

  1. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,376
    Any legit company that serves customers should carry some type of business liability insurance, though I have no idea what it would actually cover in this case.

    Brad
     
  2. NickB

    NickB it's a mystery VIP

    Posts:
    5,743
    Likes Received:
    13,897
    It's a complicated mess - In the UK I think it would be Cyber & Data Risk Insurance but you might also need online business insurance mixed in with product liability insurance, so most likely a bespoke plan....

    I'm no expert by any means on UK Insurance policies and would not even know where to begin for other countries
     
  3. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,376
    Fair enough, but it was a joke. Obviously.

    Sure, it sucks but the vast majority of these emails are likely already on all the domain spam lists, as people have been scraping new registrations for years when it comes to SEO, web design, and other spam.

    Again, I have also been "pwned" in this data breach, likely because I had an account a decade ago with InTrust domains, before Epik acquired them and way before any of the controversy with Epik. Outside that I have really had nothing to do with Epik. I would rather not be on the list as well.

    Brad
     
    Last edited: Sep 28, 2021
  4. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,376
    Yeah, that could get interesting tax wise.

    Alternative currency pitched as way to avoid taxes could be behind PayPal’s decision to stop providing services to Epik.

    https://domainnamewire.com/2020/10/...oidance-at-center-of-epik-paypal-controversy/
     
  5. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,505
    Likes Received:
    8,395
    Sure you can. However, such insurance can make exceptions to what is covered, for example in the event of negligence.

    With regard to the processing and storage of credit card data, the applicable requirements do not appear to have been acted upon. The company has also stated that it has used "shitty russian code". Some statements made about a service like WhoQ.com may not have been helpful either (RM: "WhoQ.com, for making WHOIS work properly again after GDPR and RDAP broke it").

    Further reading:

    Shouldn’t cyber-insurance cover negligence?
    https://www.lexology.com/library/detail.aspx?g=4c0f46db-bd82-40b0-b04b-b165229ef08e
     
    Last edited: Sep 28, 2021
  6. Start

    Start Established Member

    Posts:
    208
    Likes Received:
    309
    I was just looking on Twitter and saw a link to this article:

    https://bangordailynews.com/2021/09...of-web-company-that-serves-far-right-clients/

    This article is an example of what I wrote about in detail here:
    https://www.namepros.com/threads/epik-had-a-major-breach.1252094/page-70#post-8408804

    The "researchers" on Twitter are giving people the impression that most Epik customers are neo-nazis or similar... even though I'd say 99% of Epik customers are regular people, many of whom became customers years ago, when Epik was just another registrar and not controversial.

    So now journalists like that reporter, who maybe have never even registered a domain (or at the very least, don't know much about registrars in general) are spreading that impression.

    Average people who see the title "190 Mainers’ data exposed in hack of web company that serves far-right clients" are going to assume that most of the customers are far-right. You can see that in the comments below the article too.

    People on Twitter ("researchers" or others who should know better) need to realize that most Epik customers are regular people (not far-right), and stop acting like they're mostly neo-nazis.

    And think about the ramifications of that, instead of doxxing every single Epik customer!

    I wrote more here:

    https://www.namepros.com/threads/epik-had-a-major-breach.1252094/page-70#post-8408804
     
    Last edited: Sep 28, 2021
  7. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,467
    Likes Received:
    4,426
    When you secure a website with an SSL cert, you have to generate a private key. This key remains private (it is stored on a server where the site is hosted, obviously). What companies like Let's Encrypt can do is track what sites are visited, how frequently, and from what IPs. This is because the browsers tend to verify the certificate validity each time you visit an HTTPS website. How? By contacting the certificate issuer, in the background (is the cert good and not revoked?). Saying nothing about the Safe Browsing setting, which is frequently ON by default - each visited site is reported to Google or another safety provider - all for your safety of course.

    What actually happens with each particular browser+website combo may vary, it depends on different settings on both ends, and going that deep would be offtopic here. Google Chrome (at some point in time, last time I checked) did not verify SSL validity, but had Safe Browsing ON.

    Long story short - disable safe browsing and certificate validation if you want to minimize tracking...
     
    Last edited: Sep 28, 2021
  8. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    2,505
    Likes Received:
    8,395
    I think topdom meant rogue certificate authorities, but it's not in the scope of this thread.
     
  9. NickB

    NickB it's a mystery VIP

    Posts:
    5,743
    Likes Received:
    13,897
    That's a U.S case study....

    So even if the insurers decide not to pay out you can still pursue a claim

    Here in the U.K you could struggle with a negligence claim, even though it was in this instance - it would fall under data protection infringement with a small possibility that a negligence claim would not be completely off the table....

    Would Epik still be covered for Data Protection Infringement? Either way they are in the sh*t......

    UK High Court Ruling Restricts Scope for Data Security Breach Compensation Claims

    "The key takeaway from this case is that potentially this ruling reduces the scope of compensation litigation risk for businesses for data security breaches, i.e. for what might be called “kitchen-sink” type claims where Breach of Confidence, Misuse of Private Information and Negligence are all thrown in. Instead, those seeking to make a claim are likely to only be able to rely on claims for infringement of data protection legislation. But, it remains conceivable that, depending on the given facts, an individual tries to argue that under Breach of Confidence and/or Misuse of Private Information, positive wrongful acts were committed by a business in a data security breach occurrence that give rise to a compensation claim."

    https://www.corderycompliance.com/scope-restrictions-data-breach-comp-claims/
     
  10. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,467
    Likes Received:
    4,426
    It appears that social media researchers are now trying to connect the dots: Epik, IP addresses, RIRs (Regional Internet Registries) and hosting/datacenter companies. Not an easy task, as one needs to have proper knowledge for such research.

    In mathematical logic, false implies everything. Golden rule :)

    Resultingly, so far, the researchers are ending up with basically the following (or, they will in a few days):

    [​IMG]

    And, according to the researches, Epik plays a major role in the above.
     
    Last edited: Sep 28, 2021
  11. Jona4s

    Jona4s Established Member

    Posts:
    125
    Likes Received:
    154
    I made it to the top 300 customers ;D

    Well it's sad to see my CC in a "txtCC" field, with "txtCVV". Sad story ;(

    Also, Epik_Registrar_UploadedFiles_Loader seems to store documents in a directory, rather than a sql file.

    Haven't seen those folders.


    As for how hackers exploit servers. Gaining root access to a server is just a matter of exploiting a daemon listening and injecting shellcode. Such as an overflow in sshd found by debugging the elf, or even some vulnerable part of zend code.

    What usually happens is that after a hacker gains access, a monitoring service should invoke a shutdown mechanism, such as a kernel panic. That is why Gmail servers can be hacked, but the data will almost never survive the hack.

    It's trivial to figure out domains that enter Redemption: as you know, just downloading the zone file and doing sort | uniq -u will give you the domains with changed status (deleted from zone).

    As for creation_date and exp_date, you can send 150 million TCP packets to verisign whois, will give you full data in under an hour, using several IPs if needed.

    So I don't think anyone gains any useful insight with the leaked 1 million whois data. Only the owner details of course.
     
    Last edited: Sep 28, 2021
  12. Windoms

    Windoms Top Contributor VIP

    Posts:
    1,079
    Likes Received:
    1,895
    Even if they sold sexynazis.com and took hold of it.
    A simple PR statement would be all it takes to save their reputation.
    Meanwhile somehow might have leaked all of their customers' data.
    Like a kid who stole candy and knows his mother saw him, he's waiting to see how things unfold.

    Will it be the end.
    Or more lemonade?
     
  13. carob

    carob Top Contributor VIP ★★★★★★★★★★

    Posts:
    3,868
    Likes Received:
    5,401
    What I want to see is a list of the aftermarket domain sales that happened at Epik, with prices.

    For instance, all .com domains where sale price was greater than, say, $100.

    @Michael @Ron Jackson @GeorgeK @Joe Styler
     
    Last edited: Sep 28, 2021
  14. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,128
    Likes Received:
    11,027
    Epik doesn't report anything, as far as I know.
    And DNJournal doesn't publish .com sales below $2K.
     
  15. Start

    Start Established Member

    Posts:
    208
    Likes Received:
    309
    That would be illegal, and very sleazy. Someone doing that is risking getting sued by either the buyers or sellers... and especially some of the buyers would include very large companies with deep pockets to sue.

    Before 2-3 years ago, Epik was just a regular registrar that also had a sale system (like Dynadot, NameSilo, etc.), and even now, I bet a lot of Epik customers don't know about the controversies. The customers are victims of this hack, and there's no reason to victimize people further.
     
    Last edited: Sep 28, 2021
  16. jmcc

    jmcc Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,003
    Likes Received:
    2,518
    The zone file does not include domain name status. It would be necessary to compare the extracted lists of domain names from two zone files to detect which domain names from the older list had been deleted. The problem is that the larger registrars, including Epik, no longer leave potentially valuable expired gTLD domain names go through the natural deletion process.

    Rather than seeing a domain name drop from the zone, the first sign of a non-renewed domain name may be a change of website IP or a PPC parking/sale page instead of the previous website content. That may not even require a change to the WHOIS record if the registrar is providing DNS service. If the domain name is not hosted on the registrar's nameservers then this information will change and that may be seen in an updated set of nameservers for the domain name in both the zone file and the WHOIS record. (A slightly different kind of changed status to a deletion.) An updated WHOIS record may help determine if it was an expiration shift or the registrant moving to a new registrar. All expiring domain names are not targeted for resale. There are hundreds of millions of domain names that were registered, were deleted and were never reregistered. Some will go through the natural renewal/delete process but may be picked up by dropcatcher registrars if there is some interest in them. Think of it like a trickle-down process.

    Previously, this was the cycle: registration - usage - renewal/deletion.

    Now there are two paths for expired domain names:
    Registration - usage - expiry (if valuable, registrar -> auction site).
    Registration - usage - expiry - deletion.
    After deletion, the dropcatcher registrars may quickly reregister a dropped domain name.

    The "good" domain names are generally moved to auction sites for sale. Beyond the basics, (aged, short, single word, high value keyword, good backlinks, age) evaluating what is a good domain name can be a difficult task. According to some tweets, there appears to be some traffic data on Epik hosted redirects. That can be quite useful in determining potentially valuable domain names.

    If Epik, or whoever scraped the records, was targeting potentially valuable domain names then it has done some of that research. If there is pricing, backlinks, website authority ranking data and keyword breakdowns, then it may provide a lot of insights.

    Regards...jmcc
     
    Last edited: Sep 28, 2021
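The snapshot comparison described in the post above, as an added example that is not part of the original thread: it parses the NS records of two zone-file snapshots and reports names that left the zone, names that appeared, and names whose nameserver set changed. The zone contents, the `.example` names and the function names `parse_ns` and `compare` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample snapshots (not real zone data), taken a day apart.
ZONE_DAY1 = """\
alpha.example.   172800 IN NS ns1.hosting-a.test.
alpha.example.   172800 IN NS ns2.hosting-a.test.
bravo.example.   172800 IN NS ns1.hosting-b.test.
charlie.example. 172800 IN NS ns1.hosting-c.test.
delta.example.   172800 IN NS ns1.hosting-d.test.
"""
ZONE_DAY2 = """\
alpha.example.   172800 IN NS ns1.hosting-a.test.
alpha.example.   172800 IN NS ns2.hosting-a.test.
bravo.example.   172800 IN NS ns1.parking.test.
delta.example.   172800 IN NS NS1.HOSTING-D.TEST.
echo.example.    172800 IN NS ns1.hosting-e.test.
"""


def parse_ns(zone_text):
    """Map each delegated name to its set of nameservers (NS records only)."""
    delegations = defaultdict(set)
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        # Need owner, the NS type token somewhere in the middle, and a target.
        if len(fields) < 3 or "NS" not in (f.upper() for f in fields[1:-1]):
            continue
        # DNS names are case-insensitive; normalise before comparing.
        owner = fields[0].lower().rstrip(".")
        target = fields[-1].lower().rstrip(".")
        delegations[owner].add(target)
    return delegations


def compare(old_text, new_text):
    """Diff two snapshots by name and by nameserver set."""
    old, new = parse_ns(old_text), parse_ns(new_text)
    return {
        # Gone from the zone. The zone file carries no status, so this only
        # says the delegation vanished, not why; that needs a WHOIS lookup.
        "removed": sorted(old.keys() - new.keys()),
        "added": sorted(new.keys() - old.keys()),
        # Still delegated, but to different nameservers (for example a move
        # to a parking or auction page, or a change of DNS provider).
        "ns_changed": sorted(d for d in old.keys() & new.keys()
                             if old[d] != new[d]),
    }


if __name__ == "__main__":
    for kind, names in compare(ZONE_DAY1, ZONE_DAY2).items():
        print(kind, names)
```

A name that stays on the registrar's own nameservers through expiry shows up in none of the three lists, which is the case the post says zone files cannot reveal.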
  17. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    12,128
    Likes Received:
    11,027
    Already 2 weeks since this thread was started...
    And volume of people with Stockholm syndrome is trending up...
     
  18. johnn

    johnn WeSellName.com PRO VIP ★★★★★★★★★★

    Posts:
    17,845
    Likes Received:
    8,310
    The number one problem with people is "everything is about me".
    They try to search the internet and prove that they know more than other people and if someone does not agree with them then they start to fight.
    That's why there are a lot of posts that are off topic.
    They need to focus on how to get more details about the incident in order to help the victims who are the customers in this case.

    And the last thing they should stop is defending Rob or Epik.
    It's so obvious that Rob screwed a lot of customers so stop defending him.
    If you are still in love with Rob then send him a personal love letter/email, don't post here.
    Also, a personal attack does not make you a hero. It's just wasting people's time.
     
    Last edited: Sep 28, 2021
  19. Windoms

    Windoms Top Contributor VIP

    Posts:
    1,079
    Likes Received:
    1,895
    The person sharing that info is the least of their worries.
    Customers include those big domain buyers who created an account and made a purchase.
    They were also leaked.
    Domain. Price. Name. Address. Email. Phone number. Credit card details. Password... forget about NDA.

    The info has already been made public (through Epik's security measures), only a matter of time until some Twitter account posts it.
     
  20. oldtimer

    oldtimer Do some good for humanity and the environment VIP ★★★★★★★★★★

    Posts:
    3,828
    Likes Received:
    5,671
    I have noticed that some domains are just kept in limbo,

    They don't exactly go through the expiry cycle and they don't go to auction.

    It appears that some registrars want to bypass the ICANN rules in order to keep certain valuable domain names for themselves.

    It used to be that Registrars were prohibited from engaging in direct competition with the Registrants over domain names,

    But now that the Registrars (and some Registries) are amassing very large portfolios themselves it seems that many of the original rules are now being ignored.

    IMO
     
  21. Kingslayer

    Kingslayer Top Contributor VIP

    Posts:
    2,136
    Likes Received:
    5,702
    There’s a saying ‘You are the company you keep’.

    I’m sorry but I don’t buy into the whole “99% of people who use Epik are regular people” regular people wouldn’t drink in a bar if this bar had a sign on the front door saying ‘Nazi’s/extremists welcome’ if you choose to still drink in this bar after seeing this sign, that says something about who you are as a person.
     
    Last edited: Sep 28, 2021
  22. jmcc

    jmcc Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,003
    Likes Received:
    2,518
    That ICANN rule on registries not owning substantial shares in registrars was changed a few years ago. Think it was just before the launch of the 2012 round of new gTLDs.

    Some domain names may also be frozen due to legal action.

    Regards...jmcc
     
  23. oldtimer

    oldtimer Do some good for humanity and the environment VIP ★★★★★★★★★★

    Posts:
    3,828
    Likes Received:
    5,671

    I am looking at this situation as an impartial and unbiased observer,

    I don't belong to any extremist groups whether on the Right or on the Left as I believe that those who are controlled by any kind of extremist ideologies are not capable of seeing the big picture.

    There is so much about Race and Racism that people don't know or that they choose to ignore.

    I might open a thread to Discuss Race and Racism in the near future if that's okay with @Paul (I have promised him not to be too disruptive with my comments and threads here on NamePros).

    IMO

    PS: I don't want the Mods to open a thread on my behalf. I'll do it myself if and when I am ready to do so.
     
  24. oldtimer

    oldtimer Do some good for humanity and the environment VIP ★★★★★★★★★★

    Posts:
    3,828
    Likes Received:
    5,671
    I know that, but what about the Registrars keeping the domains for themselves?
     
    Last edited: Sep 28, 2021
  25. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    14,179
    Likes Received:
    27,376
    This is nothing new. Registrars have been warehousing domains for years whether it is directly allowed or not.

    Web.com (Network Solutions) & New Venture Services Corp as an example.

    Brad
     
    Last edited: Sep 28, 2021
