Epik Had A Major Breach

Silentptnr

The views expressed on this page by users and staff are their own, not those of NamePros.
A courtesy note for Epik customers who have stated in solidarity that they will move even more of their domains to Epik because of the data breach: be wary and decide for yourself when it might no longer be wise to do so at this moment .
 
I saw the Experian offer too. I worry that credit monitors would end up having a power that would interfere with my use of credit cards. Like I just flew from FL to NV and back over 4 days. During that time I used a certain credit card at least 24 times in 4 different states. Would a credit monitor cause my card to decline while I'm trying to buy a round of shots?
 
Would a credit monitor cause my card to decline while I'm trying to buy a round of shots?

No. Even a credit freeze or credit lock would not have that effect; those are purely to discourage companies from opening new lines of credit in your name without additional authentication. On its own, credit monitoring doesn't even do that; it gives you insight into whether anyone is attempting to open lines of credit in your name, but it won't inhibit those attempts or provide timely information about attempts to use your existing credit cards.

Edited for clarification.
 
Also, if anyone is holding a balance in Epik "Masterbucks" you might want to consider your options. Just saying.

Brad
I have 16 or 18 dollars there.
A gift to Epik.

A courtesy note for Epik customers who have stated in solidarity that they will move even more of their domains to Epik because of the data breach: be wary and decide for yourself when it might no longer be wise to do so at this moment .
 
https://www.dailydot.com/debug/anonymous-new-epik-leak/

WhiskeyNeon, a Texas-based hacker and cybersecurity expert who reviewed the file structure of the leak, told the Daily Dot how the disk images represented Epik’s entire server infrastructure.

“Files are one thing, but a virtual machine disk image allows you to boot up the company’s entire server on your own,” he said. “We usually see breaches with database dumps, documents, configuration files, etc. In this case, we are talking about the entire server image, with all the programs and files required to host the application it is serving.”

The data includes API keys and plaintext login credentials for not only Epik’s system but for Coinbase, PayPal, and the company’s Twitter account.
 
luckily the credit card that I used there once or twice that has been sitting in the account was expired already awhile back lol
 
Last one
A nice and helpful lady made a cute Trustpilot review on September 20th.
Seems like she thought there was top-notch security and a blazingly fast firewall. Like those quick lasers in the movies around diamonds when thieves enter by the roof.
If only she knew
 
(She better change her passwords)
 
https://www.dailydot.com/debug/anonymous-new-epik-leak/

WhiskeyNeon, a Texas-based hacker and cybersecurity expert who reviewed the file structure of the leak, told the Daily Dot how the disk images represented Epik’s entire server infrastructure.
Bloody Hell! It is going to be difficult for Epik to deal with the fallout from this and there's an ICANN meeting coming up next month.

Regards...jmcc
 
Bloody Hell! It is going to be difficult for Epik to deal with the fallout from this and there's an ICANN meeting coming up next month.

Regards...jmcc

I am still wondering about the ID documents. Were these stored on their normal server, or something more secure? What about other information they might have relating to bank accounts (ACH), etc.

This level of data breach is almost unprecedented.

Brad
 
In addition to prayers and ongoing forensics, it is imperative that at some point you can rely on the compromised systems again. In general, the urgent advice is to shut down and largely rebuild the compromised systems, but not every company is willing or able to do so. I wish Epik wisdom and strength for the coming period, when they need to restore both systems and the perception of the company.

https://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server
 
I am still wondering about the ID documents. Were these stored on their normal server, or something more secure? What about other information they might have relating to bank accounts (ACH), etc.

This level of data breach is almost unprecedented.

Brad

I think it is very safe to assume, and you should assume, that they are on the same server and not secure. Amazing to me that The Monster hasn't come out with a list of items compromised.
 
i think it is very safe to assume, and you should assume, that they are on the same server and not secure. Amazing to me that The Monster hasn't come out with a list of items compromised.

I think it is highly likely they didn't know. Now, with an image of the entire server, it is pretty easy to know what it included: everything on the server.

Brad
 
I think it is highly likely they didn't know, now with an entire image of the server it is pretty easy to know what it included - everything on the server.

Brad

LOL, yeah, exactly. Easier to make a list of what wasn't compromised.
 
In addition to prayers and ongoing forensics, it is imperative that at some point you can rely on the compromised systems again. In general, the urgent advice is to shut down and largely rebuild the compromised systems, but not every company is willing or able to do so. I wish Epik wisdom and strength for the coming period, when they need to restore both systems and the perception of the company.

https://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server
If by their "system" you mean the Zend (PHP) code: no matter how many times they rebuild it or harden it, Zend is Zend garbage. It's an interpreted language for developers who don't know how to compile and disassemble binaries to find vulnerabilities.

I mean, look at this stuff.

$context = null;
if ($this->isHost('XXDDD.epik.com'))
{
    // Credential literals embedded directly in the application source
    $username = 'XDD';
    $password = 'XDDDD';
    // Basic-Auth header built from those literals for every outbound request
    $context = stream_context_create(array (
        'http' => array (
            'header' => 'Authorization: Basic ' . base64_encode("$username:$password")
        )
    ));
}
 
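The snippet quoted above shows why a leaked disk image hands over working credentials: the username and password are literals in the source, so anyone holding the image holds the secrets. As an added example (not code from the post, the poster, or Epik's code base), the block below builds the same HTTP Basic-Auth stream context with the credentials read from the process environment at runtime and fails closed when they are missing, and adds a small repository check that flags quoted literals assigned to credential-like variables. The environment variable names, the endpoint, and the sample source text are constructed assumptions.

```php
<?php
// Added example, not from the NamePros post or from Epik's code base.
// BACKEND_API_USER / BACKEND_API_PASS, the endpoint and the sample source
// text below are assumptions constructed for illustration.
declare(strict_types=1);

/**
 * Read a required secret from the environment; fail closed if it is absent.
 * In a real deployment the process receives these from a secrets manager or
 * a protected env file that never lands in the repository or a disk image.
 */
function requireSecret(string $name): string
{
    $value = getenv($name);
    if (!is_string($value) || $value === '') {
        throw new RuntimeException("Missing required secret: {$name}");
    }
    return $value;
}

/**
 * Same HTTP Basic-Auth stream context as the quoted snippet, but the
 * credentials are parameters rather than literals in the source file.
 */
function buildAuthContext(string $username, string $password)
{
    return stream_context_create([
        'http' => [
            'header'  => 'Authorization: Basic ' . base64_encode("{$username}:{$password}"),
            'timeout' => 10,
        ],
    ]);
}

/**
 * Repository check: flag a quoted literal assigned to a credential-like
 * variable, e.g.  $password = 'XDDDD';  Returns "line: text" for each hit.
 * A value pulled from getenv() or a secrets client is not flagged.
 */
function findHardcodedCredentials(string $source): array
{
    $pattern  = '/\$(password|passwd|secret|api_?key|token)\s*=\s*([\'"])[^\'"]+\2\s*;/i';
    $findings = [];
    foreach (preg_split('/\R/', $source) as $index => $line) {
        if (preg_match($pattern, $line) === 1) {
            $findings[] = ($index + 1) . ': ' . trim($line);
        }
    }
    return $findings;
}

// Constructed sample mirroring the shape of the quoted snippet (placeholder values).
$sampleSource = <<<'PHP'
$username = 'XDD';
$password = 'XDDDD';
$apiKey   = getenv('BACKEND_API_KEY');
PHP;

foreach (findHardcodedCredentials($sampleSource) as $finding) {
    echo "hard-coded credential at line {$finding}\n";
}

// Runtime use: no username or password appears anywhere in this file.
try {
    $context = buildAuthContext(
        requireSecret('BACKEND_API_USER'),
        requireSecret('BACKEND_API_PASS')
    );
    // $body = file_get_contents('https://api.example.internal/resource', false, $context);
} catch (RuntimeException $e) {
    // Fail closed rather than falling back to a default credential.
    error_log($e->getMessage());
    exit(1);
}
```

Only the `$password = 'XDDDD';` line of the sample is reported; the `getenv()` assignment is the shape the hardened code uses. Running the check in CI or a pre-commit hook catches the pattern before it reaches a server image, while `requireSecret()` guarantees the service refuses to start with an empty or default credential instead of silently using one baked into the code.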
If by their "system" you mean the zend (php) code. No matter how many times they rebuild it or harden it, zend is zend garbage, it's an interpreted language for developers who don't know how to compile and disassemble binaries to find vulnerabilities.

It's broader than that. At this point, after successful intrusions, you basically can't really trust anything anymore. Not even the backups, which could normally help you get back to a reliable / trusted situation.
 
I am still wondering about the ID documents. Were these stored on their normal server, or something more secure? What about other information they might have like bank accounts (ACH), etc.
I'm going on the commentary from Twitter and elsewhere. The ID documents are a major problem (among a lot). Multiple servers are exposed and it is possible that the ID documents could be there unless they've been deleted from the leak. The one thing that has slowed down analysis and dissemination of the first leak is a lack of domain industry knowledge. Not only do those doing the analysis have to understand the structure of Epik's databases and data (some very good analysis has been posted on Twitter about this), they have to understand how it is used and the purposes for which it is used. Reverse-engineering is more difficult than ordinary engineering because it is necessary to work out why some decisions were made and what they are intended to achieve.

This level of data breach is almost unprecedented.
For a registrar, it is a very serious problem. That Domaintools link above should be accurate on the changes. Some portfolio operators may be the first to move.

Regards...jmcc
 
Brings a tear to the eye.

This one's gonna hurt.

Boring. Still waiting to see revelation of real crimes and fed honeypot.
 
context for ASCII art: the person seen in the now famous Robert Monster's Q&A/prayer meeting with a swastika tattoo on his chest was the most prominent member of the hacker collective "Goatse Security".
 
It boggles the mind that Epik hasn't even made an attempt to get ahead of the ball and at least present a strong PR front in an attempt to regain or preserve some level of confidence. Especially with the fans they have here and elsewhere who would jump at the opportunity to praise and magnify those efforts.

context for ASCII art: the person seen in the now famous Robert Monster's Q&A/prayer meeting with a swastika tattoo on his chest was the most prominent member of the hacker collective "Goatse Security".

Rob sent his love to him. Anyone know if this person or the group was in any way involved on the security side of Epik?
 
It boggles the mind that Epik hasn't even made an attempt to get ahead of the ball and at least present a strong pr front in an attempt to regain or preserve some level of confidence. Especially with the fans they have here and elsewhere who would jump at the opportunity to praise and magnify those efforts.

I agree, but what are they really going to say?

Instead of getting ahead of the ball they are getting hit with a wrecking ball that exposed their lax security. I am not sure there is really any way to spin that in a positive way.

Brad
 
It boggles the mind that Epik hasn't even made an attempt to get ahead of the ball and at least present a strong PR front in an attempt to regain or preserve some level of confidence. Especially with the fans they have here and elsewhere who would jump at the opportunity to praise and magnify those efforts.

Rob sent his love to him. Anyone know if this person or the group was in any way involved on the security side of Epik?

No, I seriously doubt they hired Weev, and Monster acted like he didn't know him during the call, so again, I highly doubt Weev ever worked for Epik. BUT this Robert David is VP and a "cryptologist expert", and he glows brighter than Fukushima.
 

@DN Playbook, not to pile on here (you guys are doing enough ^^), but I don't think anyone involved in cyber security or anything tech related is gonna claim Epik as his employer. It would deduct from his years of experience and he'd probably never be able to find a job again.

The real question here is: can it get any worse? The whole server was leaked, the fok.
 