alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Jurgen Wolf]

Looks that all comments are prohibited for their team until official statement from Rob...
Black day definitely...

 

[johnn]

What's wrong by saying to the members and the media people "We are aware of the problems and working with security people to solve the problems"?

 

[Corey]

sounds like Tall poppy syndrome to me

Cheers
Corey

 

[blockhead]

FWIW - I was able to successfully transfer-out some domains just now.

Hopefully it's a false alarm. It's certainly unnerving not knowing. Thankfully I don't have a lot of domains there anymore.

 

[Mister Funsky]

As someone above said due to encryption, and add that to 2FA, there is probably not much to worry about. I've got hundreds of domains there and I'm not too concerned.

Also, as was said above, it would likely be best not to attempt a log on...just in case. I agree that, at a minimum, an email should have been sent to account holders unless some sort of public statement was made (I can not seem to find one yet).

 

[WhoaDomain.com]

i just removed my credit card and changed password

same but if this is all true. Our info can be used to gain access to credit card yes? Isn’t that the usual worry about a Data breach?

Does that mean I need a new debit card?

 

[johnn]

Stay tune and don't get panic:
1. Do not access to your account unless you HAVE to
2. If someone use you credit card then you can call to cancel and will not be liable for fraud transactions - unless you use Debit card then it will be a different story
3. Your password is encrypted even IT people or Epik staff would not now so there is no need to change password now
4. Wait for the official news from Epik

 

[Lox]

read more

 

[TheBaldOne]

I suspect that law enforcement as well as security teams (external as well as internal) might be advising any and all moves by Epik atm - including the perceived current policy of not commenting on the matter.

 

[Mr Wash]

It looks like it really does include DNSSEC private keys (assuming the dump is legitimate). I had a peak at one of the files in the torrent. Prepare for potential DNS hijackers if you have any site with Epik (unless it is a very sophisticated hoax).

 

[Jurgen Wolf]

The site is slower than usual, perhaps simply because a lot of us are doing things

So their infrastructure is not ready to serve even own customers?
We are like true DDoS for Epik???

I don't think so...

 

[Kingslayer]

I don’t have an Epik account myself for various reasons, 1 of them being the potential of things like this happening with a company that generates a lot of controversy.

I can imagine how this can be potentially worrying for people with Epik accounts and hope for everyone that it is nothing, but data protection is very serious and if there is a breach Epik should alert customers to this breach and what information is in another party’s hands by law, not dismiss it (article that @Lox posted).

All countries have adequate data protection laws, but I know GDPR is very strict on it:-

https://gdpr-info.eu/art-33-gdpr/

 

[topdom]

This attack might be coming from inside, or it may be deeper than what most people think.

 

[bmugford]

This is not the way to handle a potential crisis. The complete lack of updates in 10+ hours just creates a further crisis in confidence.

Far be it from me to tell Epik how to run their business, but I don't think radio silence is a good look.

Brad

 

[NickB]

I don’t have an Epik account myself for various reasons, 1 of them being the potential of things like this happening with a company that generates a lot of controversy.

I can imagine how this can be potentially worrying for people with Epik accounts and hope for everyone that it is nothing, but data protection is very serious and if there is a breach Epik should alert customers to this breach and what information is in another party’s hands by law, not dismiss it (article that @Lox posted).

All countries have adequate data protection laws, but I know GDPR is very strict on it:-

https://gdpr-info.eu/art-33-gdpr/

Here in the UK a company would need to report it to the ICO within 72 hours and would need to inform their customers - not sure what they have to do in the U.S - are they legally required to notify anybody, including customers?

 

[DN Playbook]

Not sure about your education or experience, but I minored in journalism. I will admit it was a while ago, but we were taught not to 'speculate' about a story...breaking or not.

I don't think the report was speculative on DNW. Reads pretty balanced. Breaking stories are always in development.

 

[.X.]

I am not convinced that an actual full hack has taken place ... I think we will hear something today from Epik ... i agree with @johnn 100% .. if you don't have to login ... i wouldn't right now...

 

[NickB]

So everyone advising not to log into Epik - does this include all affiliated sites? For example Name Liquidate etc etc......

 

[equity78]

Seems like they say they did not post credit card data shout out to the FBI saying they are not in that game.

Looks like they are really trying to embarrass Epik

https://pbs.twimg.com/media/E_L28nAXoAERzli?format=jpg&name=large

 

[equity78]

So everyone advising not to log into Epik - does this include all affiliated sites? For example Name Liquidate etc etc......

I think you can log in, change passwords, some are doing transfers out.