
Epik Had A Major Breach


Silentptnr



So.. it seems you can no longer initiate transfers from Epik?
 
That said, I'm not sure what all has or hasn't been 100% confirmed true about the leak - don't want to spread anything unsubstantiated - but maybe something could be done.

I'd prefer not to do anything drastic until I've personally had more time to review the data. We've reached the point in a big breach when people start echoing distorted and misleading conclusions. There's just too much data--and too much noise.

It's quite difficult to collaborate with other researchers and filter out the noise when politics are front and center--and it's hard for people to talk about Epik without getting political. Emotions get out of hand and people exaggerate or jump to conclusions--understandably, of course, but it does muddy the waters.
 
This is related to the harassment campaign against Wiki editor Molly White -

https://www.namepros.com/threads/epik-wikipedia-battle-is-full-on-right-now.1186029/




Molly White
@molly0xFFF

Hey @robmonster, you've had a lot to say about the "sins" of the people who hacked your company. What was "christlike" about siccing your "private investigator" on me to publish my address, dox my family (including posting photos of young children in my family), and threaten me?

1:50 PM · Sep 18, 2021·TweetDeck


Molly White
@molly0xFFF


Was sending physical addresses of me and my family to violent neofascists, publishing lies about me ("drug addiction to MDMA", really?), trying to email my family and their respective companies all at your instruction too or did he just throw that in as a freebie?

2:00 PM · Sep 18, 2021·Twitter Web App



Molly White
@molly0xFFF

Anyway I've suddenly miraculously found the motivation to transcribe that video of Rob Monster's bonkers press conference for people who don't want to watch 3+ hours of video, so I'll have that up shortly. #EpikFail

2:23 PM · Sep 18, 2021·TweetDeck

Sad story. If you follow Molly you'll encounter a lot of stuff she's had to deal with. Sick people. Goes beyond the imaginable.
 
Sad story. If you follow Molly you'll encounter a lot of stuff she's had to deal with. Sick people. Goes beyond the imaginable.

Yes, the attack on her was reprehensible. She was intimidated, doxxed, and threatened by Epik related parties. Now it appears to go far deeper than just some random events of chance. It appears to have been some orchestrated campaign.

Brad
 
True, I mentioned the date and compared it to domainnamestat.com's graph going back to Sept 2020, to show that domainnamestat.com's numbers were 50% lower than DomainState's numbers.

Just to show that the numbers aren't necessarily accurate. Although the upcoming deletions number probably is, because I think registries report those.
They don't report them in the registrar reports. It looks like an attempt to link prior registrations with pending renewals but the problem is that the prior year's registrations by month do not align with the current year by month. There's a site RegistrarOwl.com that may have more accurate figures based on the reports.

Claims about "pending deletions", unless they are based on actual registry data, are not accurate.

Regards...jmcc
 
Rob is reading this thread and pm'ed you that?
Come and speak @Rob Monster I know once you post there will be 250 more messages with accusations, questions, concerns, but you should make a statement.
I am very concerned my financial information or more has been exposed. Speak up, make samer happy if you did too
Rob just DM'ed me: since the incident, we have had more domains arrive than leave.
Only this, no any other explanation.
 
They don't report them in the registrar reports. It looks like an attempt to link prior registrations with pending renewals but the problem is that the prior year's registrations by month do not align with the current year by month. There's a site RegistrarOwl.com that may have more accurate figures based on the reports.

Claims about "pending deletions", unless they are based on actual registry data, are not accurate.

Regards...jmcc

But for example, I've seen this before, where the .biz registry has a list of .biz domains in redemption:
https://www.home.neustar/redemption-grace-period-reports

So I assume sites like domainnamestat.com would simply check which registrar each domain is at, to come up with numbers for "upcoming deletions"?

I don't know, that's just what my guess was though.
 
I will replace my CC in the nearest time, thanks to Swiss bank of domains.
Regarding transfer-outs - after my next sale, no budget right now.
 
I am very concerned my financial information or more has been exposed.

Agreed!

Speaking of which, time to go cancel credit cards, and do the security rounds.

Legally speaking, if we haven't received an official notice from Epik, and if Epik's loss of personal information directly causes financial harm to Epik customers, would Epik be open for a class action lawsuit if enough customers were affected?

It seems the hackers should be open to legal action if anything nefarious is done with Epik customer information, but at a certain point, when does a registrar's pre or post (in)action result in liable negligence?

Is the onus on Epik customers to be following internet threads and Twitter, to stay informed, and take it upon ourselves to proactively cancel all payment information, change domain WHOIS information, passwords, etc?

Or are we to expect some kind of divine intervention where the cursed data will miraculously disappear?
 
Yikes. Obviously a lot of stuff going on behind the scenes with RM & Epik that most NPers aren't aware of...... wow.
 
It seems some members received an email from Epik, and perhaps others didn't (or it went to spam, etc).

Mine arrived 9/15 at 3:07 pm EDT
 
But for example, I've seen this before, where the .biz registry has a list of .biz domains in redemption:
https://www.home.neustar/redemption-grace-period-reports

So I assume sites like domainnamestat.com would simply check which registrar each domain is at, to come up with numbers for "upcoming deletions"?

I don't know, that's just what my guess was though.
The RGP data became valuable as drop catchers emerged. The whole renewal/deletion cycle was subverted by registrars so that domain names no longer expire and drop in the intended manner.

Some sites try to reconstruct or monitor grace period domain names but this is actually quite difficult. It generally requires the domain name's initial WHOIS data and registration period. The links on the Neustar site above don't work. Neustar's registry business is now owned by GoDaddy and some elements of the transition are still pending. The registries are generally the most reliable sources for this data but they are reluctant to publish a lot of important data to the public (rather than accredited registrars).

Regards...jmcc
 
It seems the hackers should be open to legal action if anything nefarious is done with my information, but at a certain point, when does a registrar's pre or post (in)action result in liable negligence.

The company is liable now. In the past large companies have paid out collectively billions in compensation for data breaches either via class action lawsuits, or via settlements that require services to be provided such as credit monitoring.

It clearly seems like there was security negligence here. On top of that it sure doesn't seem like Epik has been real straightforward on how deep the hack went. They have also provided no guidance or solutions for customers to deal with it.

Epik though is not Microsoft, Verizon, T-Mobile, etc. They are a relatively small company that likely won't be able to weather the storm like large companies worth hundreds of billions or trillions can.

They have a much smaller customer base. This is not a company with a hundred million customers.

Brad
 
Cybersecurity, brought to you by thoughts and prayers.

I don't know about you, but I would rather have qualified people in the role.

Epik has still basically taken no responsibility in their failure to safeguard customers' data. Not only that, they just seem to be ignoring how complete and disastrous this hack was in the first place.

https://www.wired.com/story/anonymous-leaked-data-from-right-wing-web-host-epik/

Ignore, deflect, blame is not going to work.

At this point, how could even the biggest Epik supporters feel comfortable with their response? They are basically leaving customers out there on their own with no further information or guidance on what they should be doing.

Brad

I doubt they know the extent of the breach; it may require replacing hardware and reinstalling several operating systems. Giving out too much information could be harmful.

Rob is doing a terrible job of managing publicity and his reputation. He needs to hire an expert spokesperson yesterday.
 
It seems some members received an email from Epik, and perhaps others didn't (or it went to spam, etc).

Mine arrived 9/15 at 3:07 pm EDT

I did receive an email from them some days ago about an alleged breach. They know better. They are withholding facts from their customers and are putting them in harm's way, unnecessarily.

They should report, disclose and advise. Simple as that.
 
When will Epik do the bare minimum and offer free credit monitoring services to all those impacted by the breach?
 
It seems some members received an email from Epik, and perhaps others didn't (or it went to spam, etc).

Mine arrived 9/15 at 3:07 pm EDT

I received it.

But as @Molly White tweeted yesterday morning 9/17, "...epik customers haven't been informed of the severity of the hack, beyond that there was "an alleged security incident"..."

...




...

If not for reading Twitter or this NamePros, I would have no idea as to if any after action is needed after receiving such a vague email unknowing if any security event actually occurred, seeing it nonchalantly described as an alleged security event involving Epik.

With such a casual description as an alleged security incident, customers have no way of knowing if that means hacked information, or if Epik unknowingly hired an employee from Russia's Internet Research Agency or some other spy agency, or if a toaster caught fire near the server room. At this point, any real guidance or follow-up is growing more overdue as more time passes with an assumed majority of the customer base out of the loop of the severity of the breach.
 