alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Jurgen Wolf]

To prevent: don't deal with toxic offshores. Universal rule.
And be happy.

 

[Bob Hawkes]

I agree entirely with the following extracted from recent post by @Paul, and also with the point made recently by @johnn that there is too much politics and off-topic to make this thread useful or even reasonable to try to follow.

.... the immediate concern is ensuring that everyone is safe and relevant information is available to anyone who needs it.

I suspect that the majority of the NamePros community is rather tired of the political debate around Epik.

I would like to see this thread closed to further comment, rather than already add to mods difficult task, and a new thread started where it was very clear the topic to be discussed were only things like:

• What can domainer's due to minimize risk from breached data?
• What are best practices?
• What do we know specifically about the breach that is important to know?
• What actions are possible against 'researchers' who are recklessly making it worse by publicly sharing information (note I don't mean real security researchers, who would not do that)?
• What specifically do we need in additional information, and how might we encourage Epik to release that?

The summaries Paul has provided are an excellent example of what we need. Thanks also others from NamePros with security expertise who have provided links and information.

Bob

 

[oldtimer]

I would like to see this thread closed to further comment, rather than already add to mods difficult task, and a new thread started where it was very clear the topic to be discussed were only things like:

• What can domainer's due to minimize risk from breached data?
• What are best practices?
• What do we know specifically about the breach that is important to know?
• What actions are possible against 'researchers' who are recklessly making it worse by publicly sharing information (note I don't mean real security researchers, who would not do that)?
• What specifically do we need in additional information, and how might we encourage Epik to release that?

Bob

Bob, in order to open a new thread to soley discuss the issues that you have mentioned why does it require for this thread to be closed.

IMO

 

[mr-x]

Suggest to close this thread and start a new one.
Too many off topic posts and personal attack which make people don't want to read the posts anymore - myself included.

Start a new one:
Epik Had A Major Breach - Part 2

You should call it, We Hate Epik, Contrary Opinions Not Wanted.

 

[mr-x]

...

The summaries Paul has provided are an excellent example of what we need. Thanks also others from NamePros with security expertise who have provided links and information.

Bob

Paul said: ↑
.... the immediate concern is ensuring that everyone is safe and relevant information is available to anyone who needs it.

I suspect that the majority of the NamePros community is rather tired of the political debate around Epik.

More like we are tired of contrary view points, especially those that use facts.

 

[.X.]

I agree entirely with the following extracted from recent post by @Paul, and also with the point made recently by @johnn that there is too much politics and off-topic to make this thread useful or even reasonable to try to follow.


I would like to see this thread closed to further comment, rather than already add to mods difficult task, and a new thread started where it was very clear the topic to be discussed were only things like:

• What can domainer's due to minimize risk from breached data?
• What are best practices?
• What do we know specifically about the breach that is important to know?
• What actions are possible against 'researchers' who are recklessly making it worse by publicly sharing information (note I don't mean real security researchers, who would not do that)?
• What specifically do we need in additional information, and how might we encourage Epik to release that?

The summaries Paul has provided are an excellent example of what we need. Thanks also others from NamePros with security expertise who have provided links and information.

Bob

nothing can change the root cause of the Hack which was political views and ideologies.. differences between USA right and left … the hack most likely wouldn’t have been ordered with out the root cause … the data dump consists of thousands of people that have no affiliation to the root cause of the hack .. we are victims sitting here looking for answers .. those answers are slowly dripping in .. that due to the posting of who and exactly what the affiliations are that the hacker was seeking .. unfortunately… the hack also effected the domain name industry .. topics being covered that are political supply information as to specific contents that need to be known to understand the logistics of the hack and dump … knowing the Epik hack was 100% politically motivated but wanting to stay off the very topic that is the foundation and root cause of the hack to begin with makes no sense IMO .. there is more than one side to this hack .. both sides should be able to have conversation and be heard regarding the hack .. if that is not able to happen .. then this thread should just be locked up IMO

 

[Derek Peterson]

Rob, October 4, 2021, at 2:45 AM EDT
Subject: Derek
Hi Paul,

For the record, I barely know Derek. I have very rarely interacted with him since 2018

I have exactly 26 emails in my inbox FROM Rob Monster and I think there were many more than that I deleted, we have exchanged dozens and dozens of messages on various social networks, including this one, and we have spent many hours on the phone talking.

when he tried very hard to convince me that Gab should be put down.

My problems with Gab had nothing to do with "Free Speech". My problems with Gab were because they were committing SEC fraud and stealing millions of dollars from people, lying about their products, banning critics but mostly because they were selling porn, lolicon and even CP behind paywalls.

I had put out videos exposing Gab's grift and their porn problems before Mr Monster was ever involved with Gab. Stripe cancelled Gab because of their porn, NOT free speech. (see attachments) Of course, after Gab lost payment processing for porn Andrew Torba changed his position on porn and switched from his edgelord, alt-right affinity grift to a trad/Q/Christian grift.

Mr Monster is trying hard to deflect here. He wants people to believe that my problems with him and Epik are because I was against Gab, and thus insinuate that I am against free speech. He knows that is not the case. My problems with Mr Monster are the same as I have with Gab, he is profiting from porn and lolicon and even what appears to be actual CP'ish porn (have you seen the list of sites Epik hosts? Oh, my), defrauding users, hurting users with his false claims and incompetence and making millions in the process.

I ultimately concluded differently in part I because I found his testimony to be questionable.

I proved to Mr Monster beyond any shadow of a doubt that Gab was a pedo porn website and that gab was committing fraud, attached is the very first email I ever send to Rob Monster. And here is a link to one of the videos I made discussing Gab's porn.

Mr Monster not only ignored and helped cover up Gab's illegal porn but he also helped them commit fraud. He constantly repeated Torba's lies of traffic (see attachment - I have many such examples). He knew these claims by Gab were not true because it had been proven in many ways my many people, myself included AND because the very hosting company he purchased put out a public statement saying that gab was lying about their traffic based on the hardware they were leasing. https://archive.is/3xhMK

BTW - Sybil, the hosting company Mr Monster purchased was literally a couple of literal teens with a couple racked servers hosting lolicon doing about $2,500 in monthly revenues. (I know this because Mr Monster told me)

This is not a new topic: https://www.namepros.com/threads/wh...and-rob-monster.1128748/page-108#post-7459953

Mr Monster's decisions were based on riding Gab's coat tails so of course he wanted Gab to be a bigger deal than it was and cover up the dirty bits. Gab was handed over $3,000,000 and Rob Monster has, according to him, been given $32,000,000 for a minority share of Epik, just a couple months before the hack. That's quit a valuation for a tiny little register.

The grifters on the left need a boogie men too so they are are always quick to help by making a joke tech site with a couple thousand users and 10K Kenyan bots into the rise of 4th reich.

It always frustrated me why a professing Christian would not see things the way I see them concerning these very obvious things but now I know, Rob Monster and Andrew Torba are of the same character.

At this point, I have no idea why he is obsessed with me,

I have no special place in my heart for Rob Monster, I sincerely dislike all dishonest people who take advantage of others and don't care about the damage they cause and especially those that use the name of Christ as part of their self serving affinity grift.

nor DNPlaybook who seems to work from the same script.

I do not not know who DNPlaybook is.

What is the purpose of letting these nonsense-spouters persist on NP?

It's called free speech, Rob, ever heard of it? Not a good look trying to get folks silenced for simply telling the truth. The real test of free speech is criticism of authority, not porn, loli, mass murders, beheadings and alike. (BTW - Your attorney is currently cringing at the subjective nature of your version of free speech as he reads this and is seriously considering dumping you as a client.)

If you are comfortable with his contributions to that cesspool thread, so be it. So we have an understanding, the content is now all being backed up continuously.

Oh my, scary. Rob, please save it on your server so that way everyone can get a copy.

The level of defamation in that thread that is being permitted is absurd.

I was just making sure that you were comfortable with the posts from someone who apparently has no other reason to be on NP other than to defame Epik and Rob Monster.

Every single thing I have said is the truth. Mr Monster is free to refute anything I have said or anyone else has said and if I am wrong about anything I would certainly retract but he knows I am not. I have not mentioned anything about his personal life, family, past jobs and firings or anything of the sort. I have simply commented on his proven incompetence and refuted the false claims he has made about the products and services he promotes and questioned his character and sincerity because of all those false claims.

It is no wonder that his startups all fail, but that’s a different matter!

I really don't know what he is talking about here or how it would even matter (your attorney is cringing again) but I have only ever started 2 companies, ConstructionWork and GORF.

ConstructionWork, I started in 1999 and ran successfully up until the pandemic. At one time we were one of the largest construction portals on the internet, job board, resumes, project leads, contractor director, manufacturer directory, etc. We also ran lowes' ForPros section of lowes(dot)Com, produced almost all of the digital content related to contractors, I wrote 3 books/marketing pieces for them and published several million copies and I also did 30 TV shows as the handyman. The company later evolved into a recruiting firm and I ran that successfully up until the pandemic. I don't want to say exactly how much I made but I profited several hundred thousand per year from that company right up until the pandemic, which is probably more than Epic made before Rob Monster started his freeze peach marketing gimmick. (BTW - this is just me defending myself against actual "defamation", ironically).

Gorf, which was originally called oneway, I started in about 2018. It isn't really what I would call a "start-up" since it has no business model and no plans for one. It is more of a hobby that has cost me hundreds of thousands of my own money building and promoting things for others because I sincerely care about free speech and innocent people being silenced. It might not make a any money but at least I haven't lied to anyone, defrauded anyone, made someone lose their job, get put in prison or even killed because of my arrogance, greed and incompetence.

The only thing I can think of that would make him say something like this is that I have bought a lot domains and created several LLCs and trademarks to protect them but how would be even know that unless he hired a detective, maybe his personal PI, Joey Camp, who I just learned about a week ago or maybe his NSA side kick and VP of Epik, Robert Davis. I don't know but pretty weird a company would hire a detective for someone who simply told the truth about his products and then try to use that info to "defame" him and silence him.

BTW - Since the pandemic I learned how to trade stonks and $AMC has been very, very good to me.

 

[mr-x]

My problems with Gab had nothing to do with "Free Speech". My problems with Gab were because they were committing SEC fraud and stealing millions of dollars from people, lying about their products, banning critics but mostly because they were selling porn, lolicon and even CP behind paywalls.

These are serious charges. Did the FBI or anyone with authority act on them?

 

[Derek Peterson]

These are serious charges. Did the FBI or anyone with authority act on them?

Not yet that I know of but hopefully they do at some point. Also, Gab has done much more serious things than these listed that are getting dealt with.

 

[FiniteCrystal]

If everyone rushes to the defense of a person who has been humiliated or hurt by someone who has been exercising their right of Free Speech and that person realizes that the socity as a whole is supporting of him or her then the words won't hurt anymore.

Too bad that doesn't happen, making the world more dangerous every day for marginalized communities. Sorry, but your entire post rings hollow as hate speech and incitement of violence are rampant right now. See also my two previous posts on the topic. I'm tired of arguing about this topic. As others have rightly pointed out, it's off-topic and I'm frankly tired of reading the posts of members who wish to go to bat for the rights of extremists to spread violent rhetoric that has real impactful harms to marginalized people and society at large. This is the last post I will make on the topic, and quite possibly my last post on this forum in general.

 

[branding]

Could you guys cut it out? I don't mind the occasional offtopic post and things getting sidetracked for a bit but you all seem to go above and beyond to make this about anything but this hack.

There's a gab thread.
There's a Parler thread.
There's a politics thread.
There's a what's going on with Rob thread.
There's a religion thread.
There's an environment thread.
There's an Epik thread.

Have fun.

 

[mr-x]

Not yet that I know of but hopefully they do at some point. Also, Gab has done much more serious things than these listed that are getting dealt with.

I don't know anything about Gab. I'm sure it's more complicated than making a police report but if you have hard evidence, you don't have to wait for the FBI. A local DA could handle the case.

 

[Future Sensors]

They've also deleted their prior tweet that informed their customers of the hack (archived).

This is troubling. Thanks for noticing.

That tweet was about the first leak. What about the 2nd and 3rd that happened afterwards?

 

[Molly White]

This is troubling. Thanks for noticing.

That tweet was about the first leak. What about the 2nd and 3rd that happened afterwards?

To my knowledge they haven't acknowledged the second or third leaks (on Twitter or anywhere else).

 

[.X.]

Could you guys cut it out? I don't mind the occasional offtopic post and things getting sidetracked for a bit but you all seem to go above and beyond to make this about anything but this hack.

There's a gab thread.
There's a Parler thread.
There's a politics thread.
There's a what's going on with Rob thread.
There's a religion thread.
There's an environment thread.
There's an Epik thread.

Have fun.

well … I can bail out of this thread … that will mean that I am being chastised for not speaking words that the Left want to hear IMO .. after all .. I am a victim of this hack .. although the innocent victims of the hack appear to be at the back of bus .. that shouldn’t be the case .. but in consistent with the narrative and agenda of the complete hack and the aftermath .. I can see why the victims are being put in the background ….. the thread has served its purpose for me at this point … the vital things that I need understand .. I understand fully now .. with that said .. I am out .. enjoy .. carry on

 

[johnn]

Politics, Racism, Religion, Abortion, and Free Speech are amongst some of the major issues that are at the heart of this case.

So in order to prevent future data breaches the root causes of this hack need to be discussed and analyzed further.

This case could also become a learning experience for the hacktivists and it could help expand their vision so that they can see the big picture better.

IMO

This is Epik problems not yours or mine and why do you keep repeating we need to do something to prevent it?
We have nothing to do with preventing the Epik hack.

 

[branding]

well … I can bail out of this thread … that will mean that I am being chastised for not speaking words that the Left want to hear IMO .. after all .. I am victim of this hack .. although the innocent victims of the hack appear to be at the back of bus .. that shouldn’t be the case .. but in consistent with the narrative and agenda of the complete hack and the aftermath .. I can see why the victims are being put in the background ….. the thread has served its purpose for me at this point … the vital things that I need understand .. I understand fully now .. with that said .. I am out .. enjoy .. carry on

Not asking you to back off. Just leave the left vs right or, whatever, political, ethical, shit out of this, take that to the other threads.

You're not alway right, but not always wrong either imo. Contribute to the designated threads where it adds value.

Not a personal attack btw, I find myself guilty at times and appreciate people/mods putting me in place just the same . We're all just human. Things like this stir up emotion.

 

[Derek Peterson]

Rob has specifically mentioned me in his letter to Paul. I have written some articles reporting about RM and E in the past during a different scandal or scandals. I opted not to write about this one since I do not want to give more oxygen to RM/E. Instead use this thread to contribute to and learn about the development of this story. I may end up doing a large piece eventually once all the facts are on the table. Rob has in the past reported my NP posts to take them down.

What was the previous scandal? Can you please post links to those articles?

 

[bmugford]

I would like to see this thread closed to further comment, rather than already add to mods difficult task, and a new thread started where it was very clear the topic to be discussed were only things like:

• What can domainer's due to minimize risk from breached data?
• What are best practices?
• What do we know specifically about the breach that is important to know?
• What actions are possible against 'researchers' who are recklessly making it worse by publicly sharing information (note I don't mean real security researchers, who would not do that)?
• What specifically do we need in additional information, and how might we encourage Epik to release that?

I respectfully disagree. Outside some problem posts here and there I think the vast majority of stuff is related to Epik, the data breach, and their security protocols.

Since Rob and Epik are basically providing no useful updates, this is one of the only ways to stay updated, especially for people who don't use Twitter.

Brad

 

[sonatime]

Not asking you to back off. Just leave the left vs right or, whatever, political, ethical, shit out of this, take that to the other threads.

You're not alway right, but not always wrong either imo. Contribute to the designated threads where it adds value.

Not a personal attack btw, I find myself guilty at times and appreciate people/mods putting me in place just the same . We're all just human. Things like this stir up emotion.

I will need to start reviewing this thread to see if my perception is still correct, but I thought politics and ideology was the motivating factor why hackers went after epik. If this thread were about security mishaps and criminal hacking, it would look different.

I thought the presence of the new members/hacker ambassadors in this thread was to make the exposure of the hack look ethical rather than criminal. Maybe I am missing something, but rather than dig into and expose these fringe hate groups, the "ambassadors" are after the destruction of a company by making it unsafe for an average customer to associate with a domain registrar.

Anyway, there is a lot of pages to review to catch up now.

 

[bmugford]

They've also deleted their prior tweet that informed their customers of the hack (archived).

This is troubling. Thanks for noticing.

That tweet was about the first leak. What about the 2nd and 3rd that happened afterwards?

To my knowledge they haven't acknowledged the second or third leaks (on Twitter or anywhere else).

Care to explain @Rob Monster?

Why was the tweet informing customers deleted?
Why no information on the 2nd or 3rd leak?

 

[Future Sensors]

It wasn't that long ago that Epik falsely accused GoDaddy of poor security.

https://domainnamewire.com/2021/01/...ddy-godaddy-says-this-is-why-it-dropped-epik/

 

[bmugford]

It wasn't that long ago that Epik falsely accused GoDaddy of poor security.

https://domainnamewire.com/2021/01/...ddy-godaddy-says-this-is-why-it-dropped-epik/

From the article -

The next month, GoDaddy terminated its Afternic partnership with Epik, apparently catching Epik by surprise.

Epik went public about the termination, apparently violating the contract it signed with GoDaddy in doing so. Epik seemed to tie GoDaddy’s decision to a number of factors, and oddly questioned receiving GoDaddy’s letter “two hours after the election was called for Joe Biden.”

Yesterday, Epik published another letter about the Afternic termination. It argued that one of the factors leading to the termination was that Epik was reporting security issues with the platform.

I reached out to GoDaddy yesterday to see if the company would provide any information about its decision to terminate the partnership with Epik.

Paul Nicks, GoDaddy VP, Domains – Investors and Corporate, issued this statement in response:

Once again, Epik has lobbed baseless accusations against us. To be crystal clear, Epik has not provided us with reports of “repeated Afternic security issues.” If anyone has any concerns about our systems, we work closely with them to answer any questions or resolve issues. This is how a real partnership works.

The reason Epik was dropped has everything to do with their constant attacking of us. We don’t feel the need to partner with someone who time and time again casually lies about a wide variety of issues.

We will not be providing further statements on their business, and reserve the right to explore any and all possible legal options to defend against their baseless claims.

 

[DN Playbook]

What was the previous scandal? Can you please post links to those articles?

Just go to the blog in the signature and search epik.

 

[branding]

I will need to start reviewing this thread to see if my perception is still correct, but I thought politics and ideology was the motivating factor why hackers went after epik. If this thread were about security mishaps and criminal hacking, it would look different

I agree. The motives are clear. Wrong or right, when it comes down to it, the big takeaway from this thread/hack is the poor security in place at E. Something that affects a lot of clients, no matter what you think/feel about them.