That means you have to trust one of two entities:
- Epik
- The hackers
If you are unable or unwilling to trust both of those entities, then you should assess the risk to your domains at Epik as being quite high even after you have rotated your passwords and other security information.
As a security professional you should know better to make such a general statement.
We don’t need to make everyone panic and become overly anxious about their domains needlessly for the fact that as you are aware when it comes to domainers perhaps less than 5 percent of the domains in most portfolios are of such value and quality that might require the level of security that you like to see.
The majority of the domains in any given portfolio are of average value and quality which really no one (not even the hackers) is going to go through the trouble to take.
Most of the whales* who were attracted to Epik for their special prices probably have had better arrangements for their ultra premium domains because one has to be a fool to transfer around those kind of domains to save a few dollars on renewals. (* Whales are those with very large portfolios).
As far as the innocent business clients go who have a domain or two that they use for their websites it seems that the hackers have taken some precautions to keep those people safe and anyone else who might gain access to their info is probably is not going to mess with them as interfering with other people’s business is a major crime.
So that leaves only the fringe and extremist groups who most likely will still continue using Epik either because of their loyalties or the fact that they have no where else to go.
So In my opinion domainers should not worry as much about losing their domains because the majority of those domains are not worth the trouble for anyone to try to take. Although it’s probably a good idea for everyone to increase the level of security for the few super premium domains that they might have and not to move them around every time there is a special on renewals at some registrars.
So it seems that most people should worry more about losing their personal info than losing any domains.
This hack (rightfully or wrongfully *) has been more about exposing information regarding some of the far right groups rather than trying to take anyone’s domains.
* The only way that the hackers can justify their actions as being hacktivists is if they also expose some of the shortcomings and injustices in the far left, otherwise they are just being used as political tools and pawns by those who want to bring down their opposition in any which way that they can.
Disclaimer: I am not associated or affiliated with anyone. These are my opinions as a neutral and impartial observer.
IMO