alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Samer]

Now Wikipedia updated it

Alleged hack
The hacktivist group Anonymous claimed in a September 13, 2021 press release that they had gained access to "a decade's worth of data" belonging to Epik that included domain registration and transfer details, passwords, all of Epik's customers' account credentials, logins, and payment history.[22] The Distributed Denial of Secrets (DDoSecrets) organization announced later that day that they were working to curate the allegedly leaked data for public download, and said that it consisted of "180 gigabytes of user, registration, forwarding and other information".[23]

Epik's CEO wrote on Twitter that the alleged hack was a "non-story" and a "nothingburger",[22] and the company subsequently told Gizmodo they were "not aware of any breach".[23]

https://en.wikipedia.org/wiki/Epik_(company)

Wikipedia is having wet dreams on it —This company has the worst bias against em

There is no oversight of epik’s page;
it’s hijacked by activists…

 

[equity78]

Now Clubhouse went through this in April

https://gigazine.net/gsc_news/en/20210412-clubhouse-data-leak

 

[MadAboutDomains]

Another thing ... for about 10 min the Lolz did this .... archive.today

How did they manage to get archive.today to archive a page that didn't exist? Or did it exist?

 

[Jurgen Wolf]

So nobody with Gigabit connection to download this torrent and to check it? Fake or real data...

 

[equity78]

Data Breach vs. Cyber Liability Insurance: Is there a Difference?


If you’ve ever looked into protecting your business from cyberattacks, you have probably heard the terms data breach insurance and cyber liability insurance. Since they are often used interchangeably, many tend to confuse the two.

Is there actually a difference? Yes. Simply put, cyber liability insurance covers monetary losses from a breach AND provides legal protection. Data breach insurance only protects your financial interest.

Let’s take a deeper look at each type of coverage to get a clear understanding of the differences between the two. We’ll also discuss what you should consider when looking for protection against a cyberattack.

https://www.dhia.com/blog/data-breach-vs-cyber-liability-insurance-is-there-a-difference/

 

[equity78]

I would really like to hear from who I think are the two of the top smartest people on these topics on this forum, @Paul @Michael

 

[equity78]

So nobody with Gigabit connection to download this torrent and to check it? Fake or real data...

Maybe @Lox

 

[Lox]

How did they manage to get archive.today to archive a page that didn't exist? Or did it exist?

My CS team confirmed, - it is known that the Archive (is) is being used as a disinfo hub for .... years. The easiest way was/is to manipulate screenshot metadata (f.e. jpg/png source code) but also there's injecting the fw code (no further info) ...

 

[Lox]

Maybe @Lox

Still hanging on 5.8% ... for hours. The examples doesn't look like there's something "important". You can easily collect SSH dnssec and other public keys and in-out dn transfer/movement data . That's mostly "good-natured" data.

 

[carob]

This should be changed definitely.

The Swiss Cheese of domains?

 

[eternaldomains]

What I find the strangest is this:

Epik's GoDaddy logins

Why the heck would there be something like this even though Epik got kicked out by Afternic/GD long ago?

 

[VadimK]

The lack of any response by Epik is troubling, even a basic update on what is going on.

I understand if things are going on behind the scenes, but you have (37) Epik staff members on NamePros.

A basic "We are aware of the reports and are researching the situation" or something similar is needed.

Brad

That's exactly what they say, I just chatted to their live chat few minutes ago.

 

[AEProgram]

My CS team confirmed, - it is known that the Archive (is) is being used as a disinfo hub for .... years. The easiest way was/is to manipulate screenshot metadata (f.e. jpg/png source code) but also there's injecting the fw code (no further info) ...

how did they get into epik and is it possible epik didnt fix the site and they still can get in?

 

[capybara]

Edited: unfortunately, its genuine

 

[Jurgen Wolf]

If fake attack - why slowness yesterday?
I don't believe: that their platform is so weak in terms of load, where even own customers can affect it...

Speed is usual today. With ~ the same volume of customers.
So some DDoS was yesterday definitely.

 

[Kingslayer]

Here in the UK a company would need to report it to the ICO within 72 hours and would need to inform their customers - not sure what they have to do in the U.S - are they legally required to notify anybody, including customers?

If a company allow EU (and UK) citizens on their site and take on EU (and UK) customers, a company no matter where they are from have to abide by GDPR laws and other data protection laws where their customers are from.

I posted this article yesterday on potential lawsuits, but edited my post as reflecting on it felt it wasn't the time to talk about that, but as @equity78 posted something about fines/lawsuits, i will post it again:-

https://www.data-breaches.co.uk/data-breach-protection-claims-and-compensation/amounts/

(if scroll down below, there's a list of fines major companies have received for data breaches)

As said data protection is very serious and i feel there as defiantly been some kind of breach, Epik alerting customers to this breach should be no1 priority.

 

[capybara]

.

Edit: unfortunately it looks genuine

 

[MapleDots]

Show your support for Epik

We must stand together on these type of attacks!

 

[VadimK]

Show your support for Epik

We must stand together on these type of attacks!

Before retweeting by ''showing support'' (e.g. spreading even more panic) I'd rather wait till things are clear of what's going on (or what exactly happened).

 

[iAdam]

That's nice of you MapleDots

Also small businesses shouldn't be controversial = risky.