alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[bmugford]

I agree with you if it's at the advice of law enforcement, but Epik's legal counsel has to be coming back at them as well, to make clear, "Look if we continue to wait, we can be sued big time, possibly out of business, Epik is not Google or Apple.

Yeah, this is a key point. We are not dealing with a company worth billions of dollars.
They have massive exposure, especially when it comes to the domain investing community.

It would be in their best interest to release some kind of update. It is not believable in my view that law enforcement would be stopping them from issuing a basic statement.

The longer it goes on, the worse it is going to get.

Brad

 

[Jurgen Wolf]

They act like nothing happened or fake news. This tactics was chosen.
~3h ago I have received reply in my yesterday's ticket: As far as I'm aware, we are not being attacked by DDoS.

 

[bmugford]

They act like nothing happened or fake news. This tactics was chosen.
~3h ago I have received reply in my yesterday's ticket: As far as I'm aware, we are not being attacked by DDoS.

I don't think the head in the sand approach is going to be a winning strategy here.

This story is starting to make it on more mainstream news sites -
https://www.jpost.com/diaspora/anti...ata-from-far-right-webhost-epik-report-679573

Brad

 

[Paul]

They act like nothing happened or fake news. This tactics was chosen.
~3h ago I have received reply in my yesterday's ticket:
As far as I'm aware, we are not being attacked by DDoS.

I think you're probably expecting a bit much from such a small company this early in the game. I'm not saying their response--or lack thereof--is reassuring, but it's par for the course. Most people involved probably don't even know the difference between a DDoS attack and a data breach.

That's not to excuse their lack of security or preparedness, but we've seen similar behavior in the industry from other, less controversial companies.

 

[bmugford]

I think you're probably expecting a bit much from such a small company this early in the game. I'm not saying their response--or lack thereof--is reassuring, but it's par for the course. Most people involved probably don't even know the difference between a DDoS attack and a data breach.

That's not to excuse their lack of security or preparedness, but we've seen similar behavior in the industry from other, less controversial companies.

When you are a small company with so much exposure to one community, it is normally in your best interest to say something.

No one is asking for some detailed analysis of every aspect of this hack. They just want some type of update, which I think is more than reasonable.

Brad

 

[NickB]

I think you're probably expecting a bit much from such a small company this early in the game. I'm not saying their response--or lack thereof--is reassuring, but it's par for the course. Most people involved probably don't even know the difference between a DDoS attack and a data breach.

That's not to excuse their lack of security or preparedness, but we've seen similar behavior in the industry from other, less controversial companies.

Surely the decision makers in any company no matter what the size would be able to make an announcement no matter how small to show people they are working on it?

 

[Dream Domains]

Epik is innovative and innovation improves bottom line for the industry.

 

[Jurgen Wolf]

So slowness from nothing...
Just overload from customers.

According to my previous tickets and LiveChat - DDoS events are not rare on Epik, and were always confirmed if any.

 

[iAdam]

Probably they are still investigating, and they can't make announcement if they don't know what exactly happened.

 

[Paul]

When you are a small company with so much exposure to one community, it is normally in your best interest to say something.

Of course, but incident response is a tricky beast. It's overwhelming at best. Even the most prepared teams have to prioritize and end up making decisions that don't necessarily look great in hindsight.

There's always a human element, and as someone who's had experience being paged at 4 AM while on vacation because some random person decided that would be a great time launch an attack, I certainly empathize with what they're going through right now. Again, that's not to say I condone the silence or their security practices, but it's a tough situation to be in.

According to my previous tickets and LiveChat - DDoS events are not rare on Epik, and were always confirmed if any.

Keep in mind the actual attack in the spotlight here wasn't a DDoS attack, and it's important not to conflate the two. Denial of Service is just that: users have trouble accessing a service. It doesn't mean data has been leaked. That's not what appears to have happened here.

When enough real people visit a website, it has the same effect as a DDoS attack. If a lot of people are trying to log in right now, it will be indiscernible from the users' perspective: the site will slow down and fail to function properly. That's not an attack; that's just a side effect of everyone panicking.

 

[Jurgen Wolf]

Were troubles...
Yesterday were even periods of up to 20 minutes, when Federated Identity login page didn't load at all.

 

[accuname]

They need rebranding definitely.

January'2021 (8 months ago):
https://www.telegraph.co.uk/technol...-registrar-keeping-extremist-websites-online/

That's not an article by an unbiased source. That's smear propaganda.

 

[Kenny]

@Paul Thanks for stepping up and letting us hear from your trusted perspective. There will be a lot of BS from both sides on this and hearing it from someone without an agenda helps.

Peace,
Kenny

 

[Jurgen Wolf]

And I noticed these troubles even BEFORE this thread was started...

 

[NickB]

That's not an article by an unbiased source. That's smear propaganda.

The Telegraph is a conservative newspaper - if you had said the Guardian.......maybe

 

[Jurgen Wolf]

That's not an article by an unbiased source. That's smear propaganda.

Use Google...
This is just one publication from MANY sources...

 

[Paul]

Let's not let this devolve into yet another flame war over Epik or politics. Given the circumstances, that would be entirely unfair to everyone involved. Notable sites in our industry have been getting hacked more and more often, regardless of their political alignment or lack thereof. Pointing fingers and debating motive does not help us move forward.

Moderators, please take note.

 

[DN_Hunter]

Were there any reports that Masterbucks data was leaked?

 

[VadimK]

Were troubles...
Yesterday were even periods of up to 20 minutes, when Federated Identity login page didn't load at all.

I agree. I was changing some prices yesterday and every time it was taking like 20 sec to update the price, while before the change was in an instance, less than a second.

 

[Omar.]

EPIK FAIL