alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[dirk]

It seems some members received an email from Epik, and perhaps others didn't (or it went to spam, etc).

Mine arrived 9/15 at 3:07 pm EDT

I did receive an email from them some days ago about an alleged breach. They know better. They are withholding facts from their customers and are putting them in harms way, unnecessary.

They should report, disclose and advise. Simple as that.

 

[Lox]

... miraculously disappear?

miraculously.com is for sale
disappear.com will no longer be able to offer you services

 

[mr-x]

@Molly White

https://twitter.com/x/status/1439287162818764800

Show attachment 199672

...

Show attachment 199673

https://twitter.com/x/status/1438911424156274690

Sounds like they deserve each other.

 

[Shackleton]

When will Epik do the bare minimum and offer free credit monitoring services to all those impacted by the breach?

 

[Grilled]

It seems some members received an email from Epik, and perhaps others didn't (or it went to spam, etc).

Mine arrived 9/15 at 3:07 pm EDT

I received it.

But as @Molly White tweeted yesterday morning 9/17, "...epik customers haven't been informed of the severity of the hack, beyond that there was "an alleged security incident"..."

...

...

If not for reading twitter or this namePros, I would have no idea as to if any after action is needed after receiving such a vague email unknowing if any security event actually occurred, seeing it nonchalantly described as an alleged security event involving epik.

With such a casual description as an alleged security incident, customers have no way of knowing if that means hacked information, or if epik unknowingly hired an employee from russia's internet research agency or some other spy agency, or if a toaster caught fire near the server room. At this point, any real guidance or follow-up, is growing more overdue as more time passes with an assumed majority of the customer base out of the loop of the severity of the breach.

 

[blockhead]

I agree 100%, the email did not properly address the situation at all - in fact it downplayed the situation imho.

Precautionary? Alleged? C'mon.

 

[bmugford]

Emma Best
@NatSecGeek

Rob Monster describing Joey Camp trespassing while doing unlicensed PI work for him is an interesting admission. Joey seemed to confirm it in his lil 'press release', so I'm sure it'll be brought up in Rob's inevitable FBI interviews

11:03 AM · Sep 18, 2021·Twitter Web App

 

[bmugford]

They should report, disclose and advise. Simple as that.

What you don't think deny, deflect, blame others is a viable strategy?

Brad

 

[dirk]

What you don't think deny, deflect, blame others is a viable strategy?

Brad

Lol, has been working for E up until now I guess so who knows .

Nah seriously, Said it before, their downfall will be the way they handle this thing. Sheer arrogance and incompetence.

 

[Bravo Mod Team]

https://www.troyhunt.com/weekly-update-261/

Weekly Update 261

Never a dull moment! [...] A few other random things in this weeks vid, the one worth following up on here though is the promised tweet about how to handle the Epik breach and the result so far is, well, let's just say I think I nailed the public sentiment in the video [...]​

Additions to the quote above:

Troy Hunt talks about Epik from 27:23 to 43:30.

If you don't know:

• Troy Hunt is a well-known, well-respected security expert.
• He operates Have I Been Pwned?, which he mentions in the video while talking about Epik.
• Learn more: https://en.wikipedia.org/wiki/Troy_Hunt

 

[dirk]

Anyone tried to withdraw funds over the past few days? I want to clear out some balance left but not sure crypto is the safe way to go...

 

[dirk]

The video q&a transcript, unfinished, to be updated:
https://blog.mollywhite.net/monster-qa/

 

[mr-x]

Emma Best
@NatSecGeek

Rob Monster describing Joey Camp trespassing while doing unlicensed PI work for him is an interesting admission. Joey seemed to confirm it in his lil 'press release', so I'm sure it'll be brought up in Rob's inevitable FBI interviews

11:03 AM · Sep 18, 2021·Twitter Web App

Show attachment 199677

What's your point? The hack was justified?

 

[dirk]

Federated Identity. That product is going to be rebranded soon, it’ll be called Valido.com…

Edit: transcript shows the wrong domain. Edited to share the right one.

 

[bmugford]

What's your point? The hack was justified?

Nope. Please don't try to put words into my mouth.

I feel for the customers who are dealing with this hack and lack of information and guidance from Epik. I have an Epik account from many years ago, so at least some of my information was likely included in the data breach as well.

Brad

 

[Future Sensors]

Rob, I know you're reading, appreciate it.

Here's some good advice.

https://response.pagerduty.com/during/security_incident_response/#external-communication

 

[bmugford]

Rob, I know you're reading, appreciate it.

Here's some good advice.

https://response.pagerduty.com/during/security_incident_response/#external-communication

• Include the date in the title of any announcement so that it's never confused for a potential new breach.
• Don't say "We take security very seriously." It makes everyone cringe when they read it.
• Be honest, accept responsibility, and present the facts, along with exactly how we plan to prevent such things in future.
• Be as detailed as possible with the timeline.
• Be as detailed as possible in what information was compromised and how it affects customers. If we were storing something we shouldn't have been, be honest about it. It'll come out later and it'll be much worse.
• Don't name and shame any external parties that might have caused the compromise. It's bad form. (Unless they've already publicly disclosed, in which case we can link to their disclosure).
• Release the external communication as soon as possible, preferably within a few days of the compromise. The longer you wait, the worse it will be.
• If possible, get in touch with customers' internal security teams before the general public notice is sent.

 

[Bob Hawkes]

It appears that transfer out of domain names is not operational now. At least yesterday it was possible to get Auth Code but, at least for me, not currently.

I agree we badly need some update with precise information especially regarding payment methods security, whether the method used in hack has been identified and if so has for sure been fixed, and other important information regarding steps that those with assets there should be taking, as well as what steps Epik are taking.

Bob

Edit: I mean not possible directly. I did not contact customer support to see if there was another way. I presume they are overwhelmed with inquiries.

 

[Jurgen Wolf]

If transfer-out doesn't work at all - it is against ICANN rules.

 

[dirk]

If transfer-out doesn't work at all - it is against ICANN rules.

Not necessarily. They will probably be provided through support which isn't against ICANN rules.

Edit:

You could argue the reason for this limitation. Are they afraid of domains being stolen, or do they want to prevent people moving away en masse.