alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[oldtimer]

@mr-x

If you have read some of my threads and posts on NamePros you can see that I usually try not to take sides in the arguments and fights that go on between the different groups here because my concerns for the future of Humanity and the Environment goes beyond the usual differences and disagreements that exists between all the political, religious, or racial factions, parties, and interest groups that people belong to.

I like to appeal to everyone's sense of Logic and Compassion to try to find some common grounds by rising above their usual ideologies, affiliations, and loyalties so that as a community we can be a Force For Good and be able to do the right thing here not only when it comes to Epik, but also for the domain Industry as a whole (and perhaps at some level for the whole World at large).

IMO

 

[mr-x]

@mr-x

If you have read some of my threads and posts on NamePros you can see that I usually try not to take sides in the arguments and fights that go on between the different groups here because my concerns for the future of Humanity and the Environment goes beyond the usual differences and disagreements that exists between all the political, religious, or racial factions, parties, and interest groups that people belong to.

I like to appeal to everyone's sense of Logic and Compassion to try to find some common grounds by rising above their usual ideologies, affiliations, and loyalties so that as a community we can be a Force For Good and be able to do the right thing here not only when it comes to Epik, but also for the domain Industry as a whole (and perhaps at some level for the whole World at large).

IMO

I just tell the truth. I was agreeing with you in part but not your politically correct walk about. Anonymous is a scourge on society, they provide no benefit.

Spend 20 minutes reading their post and come to a different conclusion.

 

[mr-x]

People here are piling on Epik and Rob Monster for some* good reasons. But it's not Epiks fault your domains are in danger, your information has been made public.

If you have political views that align with digital terrorist who hide behind the false word of "antifascist", you're a fool. Their last rant was too obscene to post.

 

[mr-x]

Yeah, that is true. If someone has hundreds or thousands of domains there, you are talking at minimum of around $9/per domain (.COM) to move them to another registrar. Some other extensions could be even more expensive.

Epik's user base seems to be basically domain investors and extreme elements. I am not sure how either group could really be comfortable with them going forward.

This is b/s. People who have been censored or identify with them have gravitated to Epik but they do not make up a majority of customers.

Sounds like you and the Glomar have an agenda.

Many of the more extreme elements are having their connections unearthed. Connections they probably don't appreciate being made. You would think privacy would be their top concern.

Domain investors are getting lumped in with the extreme elements. Many domain investors probably have no clue about any of the drama with Epik, especially over the last few years.

You're doing the type casting here.

Either way, how would you have confidence going forward with how Epik was handling their customer's private information?

A few pages back someone said a CC charge was rejected recently. Has any Epik customer had a successful charge in the last couple days? I am wondering if that is a one-off issue, or PCI compliance issue.

Brad

 

[Paul]

I’m not keen on all the finger pointing here. We were strongly discouraging it before Rob emailed me, and that policy hasn’t changed.

It’s not helping anyone to assign blame right now, and it’s a subjective matter anyway—we could argue for hundreds of pages about it, and it wouldn’t do anyone any good. It would not help any of the victims here.

Sounds like you and the Glomar have an agenda.

Once again, we do not allow vague, personal accusations. Please do not make this thread political; those discussions are already taking place elsewhere, and it isn’t the purpose of this forum.

 

[mr-x]

I’m not keen on all the finger pointing here. We were strongly discouraging it before Rob emailed me, and that policy hasn’t changed.

It’s not helping anyone to assign blame right now, and it’s a subjective matter anyway—we could argue for hundreds of pages about it, and it wouldn’t do anyone any good. It would not help any of the victims here.



Once again, we do not allow vague, personal accusations. Please do not make this thread political; those discussions are already taking place elsewhere, and it isn’t the purpose of this forum.

Both are pushing the Epik is "right wing extremist" don't be associated with them, narrative.

 

[bmugford]

Both are pushing the Epik is "right wing extremist" don't be associated with them, narrative.

It is what it is.

There are plenty of examples here -

https://en.wikipedia.org/wiki/Epik_(company)

People can associate with whoever they want.

That issue aside, you still have a company that reportedly employed lax security measures which lead to an almost unprecedented data breach. No one really has any clue what is actually going on due to poor communication from Rob Monster and Epik.

Instead of getting an update on the actual data breach, we got a "not a legal letter" to Paul instead.

Have a good night.

Brad

 

[carob]

One affected group not much mentioned yet is investors in Epik.

What say will they have over the response to the breach, and what concerns will they have about the future of their investment?

It's unlikely they could remove Rob Monster as CEO as he is the majority shareholder, possibly still holding 80%.

 

[bmugford]

It is kind of amusing seeing people in the non-domain world analyze some of this stuff.

I see commentary like - "Epik is sitting on $18 Billion in domain name selling rights / assets." with a link to their listings, not realizing people can ask whatever they want and few domains will even sell, never mind for anywhere near those asking prices.

or

"and he owns at least $50 million worth of 4 letter domain names (extremely valuable internet real estate)". In reality what is listed is a bunch of random CCCC.com not NNNN.com or LLLL.com, which have virtually zero resale value.

I am sure the lack of knowledge from the domain world is just as amusing to security experts and hackers.

Brad

 

[carob]

More news coverage

https://news.yahoo.com/anonymous-hack-hosting-company-epik-030000952.html

https://www.jpost.com/diaspora/anti...f-right-wing-sites-exposes-antisemites-680539

https://www.computing.co.uk/news/4037435/million-users-details-exposed-epik-breach

 

[Paul]

Both are pushing the Epik is "right wing extremist" don't be associated with them, narrative.

People are understandably frustrated. Let’s not allow it to descend into yet another flame war over Epik.

I am sure the lack of knowledge from domain investors is just as amusing to security experts and hackers.

It’s difficult watching events like these unfold when they were likely preventable.

 

[johsun123]

Where is Rob Monster? As someone who has recommended EPIK to many, this silence is unpardonable.

Open up and communicate.

Not everyone of us using EPIK is a right wing nut. We deal with EPIK as they offer good deals and are customer friendly.

 

[Digital Nomad]

I have to say that after reading more than 2000 comments here, and more on Twitter, the news etc. I feel kinda tired and realized I have to focus on domain investing again. All of this that happened surely thought me a lot as I am currently studying cyber security, this thread was invaluable to all of us, a live example of what can happen when security is not taken seriously. And I hope more people learn about domain investing too, it's a nice way to earn a living.

Let this breach be a lesson to all of us, for investors as well as other companies. For investors to do research and evaluate where to put all the eggs. And the best is to diversify, because we never know which company to trust, until a breach has happened it's already way to late. Do research how to do best practices for security, unique passwords for each account, unique emails for each account, 2 Factor Authentication etc. which have been mentioned a couple of times here already. But take this very seriously, this is no joke, it is our money, and our families depend on it too. There may be many other companies that have been hacked, and we never knew about it, and all our data is circulating on the dark web. So always be cautious and change your passwords/usernames frequently, not only when we find out about a breach.

@Paul keep doing your great work! You are a real professional and taught us a lot on how to handle difficult situations staying calm. I respect you for that.
@Rob Monster keep praying is all I can say to you and I hope one day you realize the truth, it's not nice to ignore serious security issues when thousands of people depended on you to safe guard our personal info. I hope you learn that when someone tells you there is a vulnerability, do not ignore them nor threaten them later on.

All I can say now is, there is not really a 100% bad/evil person, but only people who do bad/evil things. We were all born innocent, but unfortunately things change with time due to circumstances and maybe some evil DNA code on how we handle stuff, but people can also change to good again if they are open to learn from their mistakes. Maybe in God, or other religions or spirituality such as breath meditation techniques etc. We all have our own ways to deal with life's up and downs. A beer or 5 is also good, or a nice fat joint.

Cheers everyone and hope this will all have a happy ending.

 

[Windoms]

 

[mr-x]

It is what it is.

There are plenty of examples here -

https://en.wikipedia.org/wiki/Epik_(company)

People can associate with whoever they want.

That issue aside, you still have a company that reportedly employed lax security measures which lead to an almost unprecedented data breach. No one really has any clue what is actually going on due to poor communication from Rob Monster and Epik.

Instead of getting an update on the actual data breach, we got a "not a legal letter" to Paul instead.

Have a good night.

Brad

If a man robbed your neighbors house, would you blame the cheap lock and then tell him he deserved it because of the people he does business with? Who are you going to blame if it happens to you?

I'm not defending Rob, I'm pointing out you are wrong about the majority of epic's customers being associated with right wing extremist and it's irresponsible to say so.

You have no way of knowing how many people / organizations with politics your disagree use other companies like godaddy, dreamhost, etc.

 

[mr-x]

A group that has broken no laws, unlike anonymous.

Show attachment 200875

 

[mr-x]

Where is Rob Monster? As someone who has recommended EPIK to many, this silence is unpardonable.

Open up and communicate.

Not everyone of us using EPIK is a right wing nut. We deal with EPIK as they offer good deals and are customer friendly.

Rob needs a decent spokes person for sure. He should stay focused on fixing the problem, not making public comments.

 

[bmugford]

If a man robbed your neighbors house, would you blame the cheap lock and then tell him he deserved it because of the people he does business with? Who are you going to blame if it happens to you?

I'm not defending Rob, I'm pointing out you are wrong about the majority of epic's customers being associated with right wing extremist.

You have no way of knowing how many people / organizations with politics your disagree use other companies like godaddy, dreamhost, etc.

If a bank left the vault open, with the safe deposit boxes open, with no one there, and the front door open...well yeah, they deserve some portion of the blame. You can assign whatever % you want to Epik, but their security measures played a large role in this.

Also, please cite where I said the "majority" of Epik's customers are associated with the right wing or extremists. They have a disproportionate amount of well known ones compared to their relatively small size, but I said the following earlier in this thread -

The vast majority of the domain count there are the domain investors / portfolio holders.

If you look at the WHOIS data of the top domains holders at Epik, most of the ones with the highest domain counts are domain investors.

Many of these people probably had no clue about the Epik controversy in the last few years. Lots of them are just there for pricing and don't use domain forums or domain blogs that often.

 

[mr-x]

If a bank left the vault open, with the safe deposit boxes open, with no one there, and the front door open...well yeah, they deserve some portion of the blame. You can assign whatever % you want to Epik, but their security measures played large role in this.

But that's not what happened. A group of criminals broke into a business and stole back up copies.

If your neighbor had a good lock and an alarm but the burglar went through the window, does it make the thief more guilty?

Also, please cite where I said the "majority" of Epik's customers are associated with the right wing or extremists. They have disproportionate amount of well known ones compared to their relatively small size, but I said the following earlier in this thread -

Right. And you have no idea of the politics of people at godaddy or anywhere else.

Anonymous doesn't just hack organizations you don't agree with. They are criminals, they only talk about the crimes dupes in the media and twitter will praise them for.

If you want to point out Epic's non-existent security and how things should be done I'll agree with you. Making up motives to justify the crime is beyond me.

 

[bmugford]

But that's not what happened. A group of criminals broke into a business and stole back up copies.

Ok, so then in your view the hackers have 100% of the blame and Epik has 0% of the blame for their lax security measures, that across the board has been called unacceptable (and worse) by security and IT experts.

Brad

 

[mr-x]

Also, please cite where I said the "majority" of Epik's customers are associated with the right wing or extremists.

You didn't say a majority. I was wrong.

 

[bmugford]

You didn't say a majority. I was wrong.

I appreciate that.

In fact I said the vast majority of the registrations there were simply domain investors.

I have talked to some since this happened that really had no idea about any of Epik's controversy before this data breach. They were simply there due to things like pricing, customer support, and (supposed) level of security.

Brad

 

[mr-x]

Ok, so then in your view the hackers have 100% of the blame and Epik has 0% of the blame for the lax security measures, that across the board has been called unacceptable (and worse) by security and IT experts.

Brad

No. The hackers are 100% to blame for stealing the data and releasing it. Epik is 100% to blame for ignoring security.

I hope Epik will be a better company. I resent the idea they somehow brought this on themselves for dealing with people with political views the hackers don't approve of.

 

[bmugford]

No. The hackers are 100% to blame for stealing the data and releasing it. Epik is 100% to blame for ignoring security.

I hope Epik will be a better company. I resent the idea they somehow brought this on themselves for dealing with people with political views the hackers don't approve of.

Well, Epik should certainly know they are a target. Right or wrong, that is just a fact.

With that being the case, their handling of data leaves a lot to be desired, to say the least. I have seen multiple experts in the field use terms like "negligence".

Epik made lots of marketing claims about security, which don't appear to match the reality. I would expect more from the "Swiss bank of domains."

Companies face hack attempts daily. This was only this successful because of Epik's security measures. There are a lot of legitimate questions that they need to answer regarding their storage of customer data.

Brad

 

[mr-x]

...
Companies face hack attempts daily. This was only this successful because of Epik's security measures. There are a lot of legitimate questions that they need to answer regarding their storage of customer data.

Brad

I would say "made worse" by Epik's lack of data security. I doubt we hear about most breaches but I look forward to the post analysis.