alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[bmugford]

https://domainnamestat.com/statistics/registrar/Epik_Inc_-IANA_ID-617

Upcoming deletes 279,329 (45.57%)

Hmm. What is going on there?

Brad

 

[Jurgen Wolf]

If you control registrar - you can send any existent list of domains to Redemption Period...

 

[Lox]

Interview September 2021 - YT link

 

[tonyk2000]

Offtopic (somewhat). Mods are welcome to delete. But, it is weekend...

 

[DN_Hunter]

Has anyone been able to Transfer OUT using the APPROVE TRANSFER button? Right now when I hit the APPROVE Transfer button, I get a message that says
"Currently approve is not available"

 

[DrJacoby]

Monster also called upon Jesus to rebuke any demons that he believed could be present at the conference.

He should have called upon the Jesus to rebuke any Monsters attending the conference.

 

[BridgeFlows]

So are there any case of stolen domain after this breach ?
I doubt that it make any sense for hackers to steal domains. Usually they're stealing private data, cards etc.

 

[tonyk2000]

Has anyone been able to Transfer OUT using the APPROVE TRANSFER button? Right now when I hit the APPROVE Transfer button, I get a message that says
"Currently approve is not available"

A good sign actually. Not to say that it should work this way, but... what if somebody is trying to steal domains as the result of the breach?

 

[Shackleton]

What is the significance of this? Why are all those domains being deleted?

 

[Jurgen Wolf]

What is the significance of this? Why are all those domains being deleted?

Read answers above and ask Epik directly.

 

[Windoms]

So are there any case of stolen domain after this breach ?
I doubt that it make any sense for hackers to steal domains. Usually they're stealing private data, cards etc.

Theres 600,000 registered domains at epik.
280,000 upcoming deletes (45%).
Sounds worse than stolen domains.

Apparently theyve been behind trenches since february so who knows what theyve had time to do/build.

 

[Shackleton]

The drop-catching companies are going to be busy with all those domains being deleted.

 

[Jurgen Wolf]

Think about YOUR domains, not about these companies.

 

[BridgeFlows]

Theres 600,000 registered domains at epik.
280,000 upcoming deletes (45%).
Sounds worse than stolen domains.

Apparently theyve been behind trenches since february so who knows what theyve had time to do/build.

one of the possibilities is that they switch off the notifications for renewals, so that the account owner wont see moves or anything coming from Epik.

I am trying to recover the password, and it's not working, seems like. According to whois the 1 domain name I a have at Epik did not move though. At least out of Epik not.

 

[Shackleton]

My domains are at Dynadot.

 

[biggie]

He should have called upon the Jesus to rebuke any Monsters attending the conference.

Hi

now that, made me laugh out loud

imo...

 

[Kingslayer]

Think about YOUR domains, not about these companies.

That’s it. In this thread I've read a few posts from people saying people here must support Epik, no one owes Epik anything though.

Business is business at the end of the day, Epik (and any business) act in their best interests, so you’ve got to do what’s best for you, if you are happy with Epik and if you feel your assets and personal information are safe at Epik (equally as safe as any other domain registrar), that’s great stick with them, but any doubts what so ever get out of there.

Your domain names are potentially expensive assets at the end of the day.

 

[Paul]

Forcing reset of all passwords? First, NP will not need to analyze epik dump at all. Second, it would not make any sense for the current hacker, or any other hackers (there should be many) to start another credential stuffing attack with epik db data...

Our biggest concern with this approach is that the email accounts may be compromised or the email domains may have dropped. It’s going to require a little more nuance than a global password reset, unfortunately.

Were this any other industry, a global password reset might make sense, but domainers tend to use their own domains for email.

 

[Windoms]

That’s it. In this thread I've read a few posts from people saying people here must support Epik, no one owes Epik anything though.

Business is business at the end of the day, Epik (and any business) act in their best interests, so you’ve got to do what’s best for you, if you are happy with Epik and if you feel your assets and personal information are safe at Epik (equally as safe as any other domain registrar), that’s great stick with them, but any doubts what so ever get out of there.

Your domain names are potentially expensive assets at the end of the day.

I have no tech knowledge all i see is legions live peaking over cantonese firewall laughing at my weak password ready to steal my 3digit cc verification code.
Lol.

Im not playing russian roulette with a heavily breached registrar and a fake it til you make it CEO whose hiding info.
Nope.

 

[Jurgen Wolf]

@Silentptnr
"May" should be removed from the thread title, it is a fact already.