I have no far-right political beliefs but I use Epik.com almost exclusively due to their low pricing, support, and just general features. This hack makes me really want to consider just jumping ship and finding another registrar. I read the entire ‘press release’ from Anonymous and this is really bad.
Data (supposedly) includes:
* All domain purchases
* All domain transfers in/out
* All whois history, unredacted
* All DNS changes
* All email forwards, catch-alls, etc
* Payment history
Account credentials for:
all Epik customers, hosting, Anonymize VPN, and so on
Epik internal systems, servers
Epik's GoDaddy logins
...and more! IN PLAINTEXT!
Git repositories for internal applications!
* SSH keys!
* /home/ and /root/ directories of one of their core systems!
Read the full release
here from the hacker group known as ‘Anonymous’.
Just for the record I do not support or condone the hack in any way, especially given I’ve been a loyal Epik customer.
I’m extremely concerned if it’s true that lots of data was not properly encrypted and rather stored in plain text as this would just be pure negligence on behalf of Epik but I reserve judgement until we have more information and know all the facts. As it stands it is still extremely concerning. Would love to hear what Rob Monster has to say about this.
Like I said, I am reserving judgement until we have more information and word from Epik/Rob about how far reaching the hack was. We should give them a chance to give their side of the story. If that info was really unencrypted and stored in plain text though….
I think it goes without saying that
everyone with an Epik account should IMMEDIATELY change their password and setup 2-factor authentication if you haven’t already.