
alert Epik Had A Major Breach


DaveX

The views expressed on this page by users and staff are their own, not those of NamePros.
there was nothing of data release or any one flaunting responsibility for that attack ..at least not as of 3 am ..

The data is being distributed publicly--not on the dark web, but out in the open. Links were accessible via various news articles yesterday. (Edit: I've removed references to specific news articles, since it's possible the authors didn't realize what they were publishing.)

Skipped the couple of hundred posts. Is it true they were hacked? Sorry for being lazy but if true I'd better start transferring instead of going through all posts.

The snippets of data I've seen appear to indicate as much, but the dataset is quite large, so I don't think anyone can be certain at this point. Epik doesn't seem to have commented.
 
•••
Of course, but incident response is a tricky beast. It's overwhelming at best. Even the most prepared teams have to prioritize and end up making decisions that don't necessarily look great in hindsight.

There's always a human element, and as someone who's had experience being paged at 4 AM while on vacation because some random person decided that would be a great time to launch an attack, I certainly empathize with what they're going through right now. Again, that's not to say I condone the silence or their security practices, but it's a tough situation to be in.



Keep in mind the actual attack in the spotlight here wasn't a DDoS attack, and it's important not to conflate the two. Denial of Service is just that: users have trouble accessing a service. It doesn't mean data has been leaked. That's not what appears to have happened here.

When enough real people visit a website, it has the same effect as a DDoS attack. If a lot of people are trying to log in right now, it will be indiscernible from the users' perspective: the site will slow down and fail to function properly. That's not an attack; that's just a side effect of everyone panicking.

Paul thanks for chiming in glad I tagged you. What would the steps be in order from first to last if you were consulted here or owned Epik in its entirety?
 
•••
The data is being distributed publicly--not on the dark web, but out in the open. There's a link to it in the PDF on DNW.



The snippets of data I've seen appear to indicate as much, but the dataset is quite large, so I don't think anyone can be certain at this point. Epik doesn't seem to have commented.

there actually is a video made that posted on Twitter .. I am on my phone and can’t post it .. but it is common for Anonymous to post a video .. they did
 
•••
Paul thanks for chiming in glad I tagged you. What would the steps be in order from first to last if you were consulted here or owned Epik in its entirety?

I would need to know a lot more about Epik, its staff, and its infrastructure before I would be able to answer that.

If I were to be consulted, my first step would be to acquire that information.

there actually is a video made that posted on Twitter .. I am on my phone and can’t post it .. but it is common for Anonymous to post a video .. they did

There's no "they."
 
•••
Thanks @Paul . Gonna be a busy night moving stuff... Fortunately there's a NC promo running. Got some developed stuff there (just regs, not hosting) so time is of the essence.
 
•••
I meant .. whoever did it .. it .. him .. her .. them
 
•••
What would the steps be in order from first to last if you were consulted here or owned Epik in its entirety?

I suppose the one step that applies no matter what is: log everything. From the moment you find out there might be an issue, everything needs to be recorded. This has a number of benefits:
  1. It forces you to think about what you're doing instead of panicking.
  2. It provides a record of your response. Optionally, it can be published live to reassure users that you're responding to the incident.
  3. It ensures everyone responding is on the same page.
  4. For long incidents, it allows you to hand off, which is important: tired, stressed incident response teams make mistakes, so each individual on the team needs to be able to rest without fear of being paged.
  5. It enables you to learn from the incident after-the-fact.
 
•••
I think it’s been a long enough period of silence from Rob/Epik that I’m going to begin the process of moving out domains to another registrar.

At the very least they could have put a banner or blog post up saying “we’re investigating, here’s what customers should do in the meantime…” but they haven’t.
 
•••
I looked all over the internet .. including Dark .. I have found nothing from Anonymous stating they coordinated and are responsible for the hack .. so until clarity comes from Rob Monster and Anonymous.. I will just monitor

The @ AnonOpsSE posted (@ AnonOps didn't )

twitter .com /AnonOpsSE/status/1438100775968837636

[Attached image: ann.jpg]
 
•••
This thread is exploding. I still have a few pages to catch up on. Here are brief thoughts.

I just found this tweet. This was just reported as news yesterday, but the tweet is from (2) days ago.


Hackers come in many different colors. Most are determined to steal data and sell it on the dark web. Identity theft, bribes, ransomware, and other scams. This one sounds like it was motivated by Rob's position on free speech, hate speech to be precise. This is well documented on NP, Wikipedia, and many other sites, including journalist articles. I don't know what he was thinking. Maybe a way to differentiate his company.

Companies are going to get hacked; that's just the way it is. While there are clearly security lapses visible in the data, that's no different from any other company. Maybe it was hacktivism, maybe it was a disgruntled customer, maybe it was just someone who thought it was fun--it doesn't really matter.

This is very true. The bigger the company gets the more likely it will become a target. But what is most important is what is the company's response.
 
•••
Probably would have been better without the last paragraph - God, prayer, evil, enemies. That is not usually the type of wording you see about a hack.

All people care about is what happened.

At Epik, we take security and the privacy of your information very seriously. Therefore as a precautionary measure, I am writing to inform you of an alleged security incident involving Epik.

Our internal team, working with external experts, have been working diligently to address the situation. We are taking proactive steps to resolve the issue. We will update you on our progress. In the meantime please let us know if you detect any unusual account activity. I am proud of our team’s efforts as we do our part to empower a thriving internet for the benefit of our customers around the world.

You are in our prayers today. We are grateful for your support and prayer. When situations arise where individuals might not have honorable intentions, I pray for them. I believe that what the enemy intends for evil, God invariably transforms into good.

Blessings to you all.

Regards,

Rob Monster
Founder and CEO
Epik Holdings Inc
•••
^^ I haven't received that email yet.
 
•••
This thread is exploding. I still have a few pages to catch up on. Here are brief thoughts.



Hackers come in many different colors. Most are determined to steal data and sell it on the dark web. Identity theft, bribes, ransomware, and other scams. This one sounds like it was motivated by Rob's position on free speech, hate speech to be precise. This is well documented on NP, Wikipedia, and many other sites, including journalist articles. I don't know what he was thinking. Maybe a way to differentiate his company.



This is very true. The bigger the company gets the more likely it will become a target. But what is most important is what is the company's response.

my initial response was if they wanted a full beat down .. why didn’t they capture .. lock and ransom … this just my opinion but I feel the attack was an American or Americans
 
•••
I'd encourage everyone to do the following:
  • Change your password on Epik
  • If you use the same password across multiple sites, change all of them to be unique (try a password manager program like BitWarden, LastPass, 1Password).
  • Set up 2-factor authentication on Epik
  • Set up 2-factor authentication on the email associated with your Epik account
  • Stop using the Anonymize VPN service until we have more information from Rob/Epik regarding the extent of this alleged hack.
  • Be extra careful opening emails that claim to be from Epik as they may or may not be phishing attempts by bad actors, especially now that Epik customers may become bigger targets. Check the sender, look for misspellings, report suspicious emails or ask Epik livechat to confirm if they're real if you're unsure. Be mindful when clicking on links and double check the domain in the address bar before typing in sensitive info like logins.
  • Make sure your security questions are set up properly and cannot easily be guessed or found out.
  • Make sure your computer has the latest software updates and run a virus/malware scan to make sure your device is safe. (Malwarebytes, Avast, Windows Defender, etc. whatever program you prefer)
I recommend the free 'Google Authenticator' app on iOS/Android for 2FA.
Optional: use a VPN from ProtonVPN (free option), NordVPN, ExpressVPN, PrivateInternetAccess.

While we still don't have the full details regarding the hack, it's not a bad idea to take a proactive approach and start 'locking down' your accounts now. Still waiting on an official response from Epik. As of right now this is still very much an 'alleged' hack but it certainly doesn't look good.

Remember that if one password is compromised, hackers will likely try that same username/email/password across many different sites and services to see how many locks that key can open which is why it's important to use different passwords. Domain hijackers will almost certainly be trying Epik passwords across various different domain registrars.
 
•••
Since we're continuing to see political arguments in this thread, let's get one thing straight: Anonymous is a movement that favors chaos. It's a loose collection of people who believe they have transcended morals, religion, and politics, and they do not care what ideological stance they take as long as it makes people angry. They'll say whatever they need to say to justify it as hacktivism.

These are not people for whom ideology is a motive; rather, it's a tool. Their mentality is that the universe is nothing but a game and their purpose is to ruin the fun for everybody. They will take whatever ideological stance opposes their target. And they'll relentlessly harass anyone who gets in the way or points out that the only real goal is chaos.

Controversial targets are easy targets: the victims point fingers while the hackers wallow in the chaos.

Don't fall for it.
 
•••
I don't see politics.
Mainly religious fanaticism or discrimination.
Use proper definitions.
 
•••
All you need to do is log in and change the profile to your wife and let her deal with it.
This is too much for a man.
Yeah. If you "verified" your Epik account by uploading (real) ID - then you might really want to change your profile to your wife or another trusted person WITH OTHER REGISTRARS. Worst case scenario: hackers know your real name, have your ID and the list of domains you transferred out from Epik to "registrar X". The said "registrar X" may now receive a password reset request from somebody claiming to be yourself, who simply forgot everything (email, login, password) but faxed to them your real ID... and who knows what else (cc details, bank account number if you used masterbucks to withdraw..)
 
•••
anybody else getting this when you try epik...
[Attached image: Screenshot 2021-09-15 at 4.20.33 PM.png]
 
•••
This attack might be coming from inside, or it may be deeper than what most people think.
The call is coming from inside the house...it's your father and he's been drinking :)
 
•••
Yeah. If you "verified" your Epik account by uploading (real) ID - then you might really want to change your profile to your wife or another trusted person WITH OTHER REGISTRARS. Worst case scenario: hackers know your real name, have your ID and the list of domains you transferred out from Epik to "registrar X". The said "registrar X" may now receive a password reset request from somebody claiming to be yourself, who simply forgot everything (email, login, password) but faxed to them your real ID... and who knows what else (cc details, bank account number if you used masterbucks to withdraw..)

I have no idea if it will be as bad as you claimed.
Anyway, many of us are still waiting for someone who has downloaded the torrent to talk about what kinds of sensitive information have been massively leaked.
 