Epik Had A Major Breach
Silentptnr

Either way, how would you have confidence going forward with how Epik was handling their customers' private information?

This is the real issue to focus on right now.

Personally, my confidence is very low in Rob Monster's ability to prevent future attacks. Not only that, but my research into his US operations and shell companies indicates that there's a lot of "shady", some of which has been pointed out already by others, so I won't repeat it.

Having looked at both the database and the code, it's quite apparent that a lot needs to be rebuilt from scratch. There's a lot of work that needs doing, and I'm also not confident in Epik's ability to hire and recruit the "right people" to work on it.

Who with good skills and reputation would want to work for Epik right now? I suspect not many.
 
So you are saying recruitment is more focused on identifying people with the skills who would agree with your version of "good" vs. coercion? I could see that being the case, but I am sure the velvet glove is also applied.

It's common for intelligence services to "coerce" or worse, but that doesn't work particularly well when it comes to having someone sit in front of a computer and write code or run technical ops. Coercion under these circumstances can be highly counterproductive and when there's a lot at stake, like infiltrating a terrorist group for example, the stakes are simply too high to warrant the risk.
 
Yeah, I agree: zealot > mercenary > slave
 
BREAKING: hacktivists with Anonymous release a second round of data from the Epik hack. A security researcher who was able to verify the extent of the leak to me described it as "a complete own." At over 300 gigabytes worth of data, this leak is larger than the first.
 
Curious if this 300GB is similar to the 180GB leaked already. Given the information in the previous leak spanned ten years (basically the entire length of time Epik has been around), it might suggest that this is additional data rather than the same types of data over a longer span.

Other initial thoughts: it may take some time for researchers to pore through this, as it did with the first dump. With the first, it took a while for the data to be released in a reliable way (DDoSecrets took a day or two to host it, if memory serves, because they had to reformat it). Time to analyze the data will depend a lot on what the data is and if it's formatted similarly to the previous. I imagine there will be more eyes on it more quickly this time, though, given the broad news reach of the first hack. If it's similar data to the first hack, that's a ton of information to go through. 180GB was already a ton, and researchers were only getting started. But if it's PDFs or images or something like that, it could be less dense.
 
Ah, here we go. I was expecting to have to wait longer for details. https://www.dailydot.com/debug/anonymous-new-epik-leak/

For some reason, NamePros is apparently spamlisting the term "d_t_base d_mps", hence the ____ in the quote so the edit would go through.

WhiskeyNeon, a Texas-based hacker and cybersecurity expert who reviewed the file structure of the leak, told the Daily Dot how the disk images represented Epik’s entire server infrastructure.

“Files are one thing, but a virtual machine disk image allows you to boot up the company’s entire server on your own,” he said. “We usually see breaches with _____, documents, configuration files, etc. In this case, we are talking about the entire server image, with all the programs and files required to host the application it is serving.”

The data includes API keys and plaintext login credentials for not only Epik’s system but for Coinbase, PayPal, and the company’s Twitter account.

 
Also, who are you?
Namepros fan?
Hacker?
Etc..?
whoami (sic). Valid question. I have held many titles, but with reference to this post, you may refer to me as a security researcher who walks a very thin line but understands the thresholds of the systems I choose to be a part of. A NamePros fan? Don't feel special; I make my presence known on forums that belong to your competitors as well, regardless of their politics. Also a privacy advocate and data protection officer concerned with how companies use and store data. Any company that does business in the state of California or the European Union (and soon many more states) is subject to oversight, regardless of how that makes them feel.

Many times you don't have to "hack" in order to obtain the data. For instance, it required no hacking for me to verify that Epik purchased a company called Cityinformation BV; I just did a Google search with a couple of properly punctuated terms and a wealth of information was available. That in and of itself could be benign, but in the event of a breach it shows that there are many compliance issues. When a company does any business in the EU, that is a problem under the GDPR; also, if a business holds data on any customers who are residents of the state of California and their privacy is breached, that becomes an issue with the Attorney General of California. PCI DSS information is a completely different situation and falls under the governance of the PCI Security Standards Council, which brings us to the issue of unsalted MD5 hashes and CVV numbers. There is a minimum threshold companies must adhere to in order to be in compliance with those standards, and my assessment leads me to believe that threshold was not met. Period.

Now, you can take my assessment with a grain of salt; just make sure you use that salt for the MD5 hashes of any credit card information that is stored on your servers, or do as many do and use a third-party vendor to process payments, which in the case of Epik became increasingly harder, not because of their political stance but because of their poorly written code and their complete lack of cybersecurity, a term I personally loathe, because anybody within an organization who claims their system is secure IS the vulnerability. Consider the Epik breach a cautionary tale and use the information you are being presented by people who may not share your world view as free advice, advice that would normally cost you a hefty price. As for those who are asking for clarification on terms they may not be familiar with, I offer you this: become familiar with these terms, Google them if you have to, but learn them.
 
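As an added example (not from the post above, and not Epik's code), the following Python shows the point behind the "unsalted MD5 hashes" remark: how small the card-number keyspace behind a known BIN is, why an unkeyed fast hash of it is not protection, and what a merchant may store instead (a masked form plus a keyed reference; PCI DSS v4.0 requirement 3.5.1.1 calls for keyed cryptographic hashes where hashing is used to render a PAN unreadable). The sample card number is the standard Visa test PAN, not a real account, and the key is generated for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed sample: the widely published Visa test PAN, not a real account.
SAMPLE_PAN = "4111111111111111"


def luhn_valid(pan: str) -> bool:
    """Luhn check-digit test used by the card networks."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def pan_keyspace(pan_len: int = 16, known_prefix: int = 6) -> int:
    """Number of Luhn-valid PANs behind a known BIN.

    With the 6-digit BIN known and the last digit fixed by Luhn, only
    pan_len - 6 - 1 digits are free: 10**9 candidates for a 16-digit card.
    A fast unkeyed hash over that space can be exhausted on commodity
    hardware, which is why unsalted MD5 of a PAN is not protection once
    the table leaks; a per-row salt only stops precomputation, not this.
    """
    return 10 ** (pan_len - known_prefix - 1)


def weak_reference(pan: str) -> str:
    """The pattern the post criticises: unsalted MD5 of the full PAN.

    Deterministic and unkeyed, so the same card produces the same digest
    in every breached database and can be matched across leaks.
    """
    return hashlib.md5(pan.encode("ascii")).hexdigest()


def keyed_reference(pan: str, key: bytes) -> str:
    """HMAC-SHA256 over the PAN with a key held outside the database.

    Without the key, someone holding the table cannot enumerate the
    candidate PANs and compare; this is the keyed hash PCI DSS v4.0 asks for.
    """
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def mask_pan(pan: str) -> str:
    """Truncated display form that may be stored: first six and last four."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def card_record(pan: str, key: bytes) -> dict:
    """What a merchant database may hold: mask plus keyed token, never the CVV."""
    if not luhn_valid(pan):
        raise ValueError("not a Luhn-valid PAN")
    return {"masked": mask_pan(pan), "token": keyed_reference(pan, key)}


if __name__ == "__main__":
    # Demonstration key; in production it lives in an HSM/KMS, not next to the data.
    key = secrets.token_bytes(32)
    print("candidate PANs behind a known BIN:", pan_keyspace())
    print("unsalted MD5 :", weak_reference(SAMPLE_PAN))
    print("stored record:", card_record(SAMPLE_PAN, key))
```

The design choice worth noting is that the weakness is not only the missing salt: the input space is tiny, so any unkeyed hash is reversible by enumeration, and the only thing that makes the reference safe to leak is a key the database does not contain. Storing the CVV at all after authorization is prohibited regardless of how it is hashed.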
holy fuck, that's a lot of new data. :blackalien:
 
Just when I thought things were getting boring, they got a lot more interesting.

EDIT: That's a lie, it never stopped being interesting, it just got exhausting.
 
They are also bleeding domains. -9% just today.

@ https://dailychanges.domaintools.com/
 
Epik purchased a company called Cityinformation BV,

C BV was acquired by DigitalTown, not E, his former gig as CEO.

Doesn't take away from the fact he should be GDPR compliant though.
 
Glad you brought DigitalTown into the mix. It seems they are experiencing a 12% gain on the day as of last night. For a company whose assets are mostly archaic software used by few, if any, companies, and with Epik being a subsidiary of DigitalTown (at least they are listed as such) and Epik's CEO listed as its primary creditor, that leaves a whole new level to this, which upon assessment may reveal more than just a data breach; but I will leave that to someone with the time and knowledge of SEC compliance to sort out.
 
What fortunate timing!
 
As owner of some valuable domains myself and former customer of Epik, at this point I can only recommend to anyone that's still an Epik customer to get the heck off it and move your domains to a safer place.

At least put your "most valuable" domains in a safer place.

For what it's worth, most of my personal and most valuable domains are kept at Cloudflare now, just because security is their focus.

You need to weigh the "costs of moving" against the potential of "losing domains altogether".

Is it worth the risk? Maybe, maybe not.
 
Also, if anyone is holding a balance in Epik "Masterbucks" you might want to consider your options. Just saying.

Brad
 