alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Future Sensors]

I'm not going to link to the tweet, for security purposes. But I'm seeing a tweet with sensitive info and I recognized the email as a NPer, so I've DM'd that member. Everyone here who's ever used Epik really needs to take this seriously.

Addition: NamePros members could request [Epik] to mark their account for special NamePros pricing, so I guess there is an administration of this as well, which matches the Epik account with the nP account / forum name.

 

[Mr. Deleted]

I have never heard about Gab, Parler etc.
I see them firstly in this thread...
@Rob Monster , why their problems are mine now?

Gab, after they bought the domain name gab.com had Godaddy attacked them and they were told they had to move it to a new registrar and Epik became the registrar as godaddy was not for the free speech.

 

[bmugford]

This stuff is all over Twitter now. It just keeps getting worse and worse.

Countless people are wondering how they ended up in a data breach from a company they never even heard of. Many of these comments are in response to emails from "Have I Been Pwned" regarding the hack.

Brad

 

[Lox]

Addition: NamePros members could request [Epik] to mark their account for special NamePros pricing, so I guess there is an administration of this as well, which matches the Epik account with the nP account / forum name.

 

[Jurgen Wolf]

This stuff is all over Twitter now. It just keeps getting worse and worse.

Countless people are wondering how they ended up in a data breach from a company they never even heard of. Many of these comments are in response to emails from "Have I Been Pwned" regarding the hack.

Brad

Epik has hugs for everyone... and $6.99 .com transfer...

 

[Grilled]

Addition: NamePros members could request [Epik] to mark their account for special NamePros pricing, so I guess there is an administration of this as well, which matches the Epik account with the nP account / forum name.

tagging:

@Paul :: does this theory make epik namePros members more vulnerable? eg the potential for an epik nP member doxxing repository? Or hacked nP accounts? If so, is this a good time to allow namePros to delete direct message threads? It's always baffled me that direct messages didn't work similar to email in that of send/receive/delete capability.

@Rob Monster -- was this data lost as well? eg. profile names with real names, addresses, passwords, etc associated with validating namepros members special pricing?

 

[Jurgen Wolf]

https://domainnamestat.com/statistics/registrar/Epik_Inc_-IANA_ID-617

COM - 327,803

Today it shows 400K .com

 

[johnn]

Will there be complaints (FBI & IC3.gov) and lawsuits coming. Maybe.
Luckily Epik is a private company otherwise the stocks will go down to 2 cents
Cut the corner in security - store data in plaintext, hire cheap employees - so he can make a dollar more and spam to customers that he can provide good pricing is wrong.
You get what you paid for.

It's just a matter of time before the boat will sink. Jump when you can.

 

[Grilled]

Side note: obviously, being a public forum, some of the replies to this thread are now circulating on Twitter.

Twitter verified ☑

https://twitter.com/x/status/1439705083483205640

 

[blockhead]

Fact of the matter is, loads of domain investors have accounts at a dozen or so registrars. You often need to in order to receive domains you buy that are registered at these registrars. It's part of the domain trading business. Obviously not everyone who's had an account at Epik is aligned with the beliefs of Rob Monster. Gotta assume a lot of folks don't realize this though, and some may not care to make the distinction. It's a shame that Epik has dragged so many people into their shitshow.

 

[Start]

No approve button

I think it's better with no approve button right now. With domains at risk in case someone somehow gets a valid auth code for a domain (and maybe is able to login somehow, to unlock a domain too), it allows more time to notice an unauthorized transfer out.

But if you ask support, are they able to expedite it so the transfer goes through?

 

[Mr. Deleted]

Today it shows 400K .com

1400 .bible, seems they are the #1 .bible registrar lol I didnt even know there was such an extension though I knew of .church.

 

[Jurgen Wolf]

I agree, instant approval is very dangerous now.
So don't panic and don't complain, just transfer with standard duration of ~6 days.

 

[Future Sensors]

In the message it says they're releasing 500k private keys, musing that they don't even know what they're for.

Probably these .ovpn files and more.

https://twitter.com/x/status/1439051886963961858

 

[Jurgen Wolf]

Yes, this VPN was many times advertised by @Rob Monster

 

[Future Sensors]

Yes, this VPN was many times advertised by @Rob Monster

Recommended reading for Rob, then:

https://www.schneier.com/essays/archives/1998/01/security_pitfalls_in.html

 

[JordanH]

Fact of the matter is, loads of domain investors have accounts at a dozen or so registrars. You often need to in order to receive domains you buy that are registered at these registrars. It's part of the domain trading business. Obviously not everyone who's had an account at Epik is aligned with the beliefs of Rob Monster. Gotta assume a lot of folks don't realize this though, and some may not care to make the distinction. It's a shame that Epik has dragged so many people into their shitshow.

Me being one of the ones who only had an epik account due to purchased domains.

 

[Grilled]

https://twitter.com/x/status/1439730338993999874

 

[Future Sensors]

Yes, this VPN was many times advertised by @Rob Monster

I see. I think the CEO is easily impressed and doesn't know what's going on within the network, really (or does not care). I noticed this in some technical threads on namepros earlier.

 

[pchip]

This one is pretty messed up if they stored failed login attempts in plain text. I'm no security expert but a lot of this stuff seems like common sense stuff of what not to do.

We've all probably done this from time to time so certainly concerning, especially if the data goes back 10 years.

Sounds like failed login attempts may have been stored in plaintext as well, meaning passwords you use on other sites may be included in the now-public data dump also.

My suggestion then would be to go through and change your passwords essentially everywhere, ASAP, (and not just domain stuff) if you think you "might" have tried logging in with it at Epik in the last 10 years. This means your emails, crypto, online banking, domain marketplaces & registrars, streaming services, restaurant apps, game apps, etc -- anywhere and everywhere you may have used a potentially-leaked password.

Going forward - be sure to use strong, unique passwords everywhere online. Pain in the ass for sure, but this is the reality of the world we live in.

https://twitter.com/x/status/1439563341505171458

https://twitter.com/x/status/1439563365458849793