IT.COM

alert Epik Had A Major Breach

Spaceship Spaceship
Watch

Silentptnr

Domains88.comTop Member
Impact
47,106
Last edited:
33
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
5
•••
Fact of the matter is, loads of domain investors have accounts at a dozen or so registrars. You often need to in order to receive domains you buy that are registered at these registrars. It's part of the domain trading business. Obviously not everyone who's had an account at Epik is aligned with the beliefs of Rob Monster. Gotta assume a lot of folks don't realize this though, and some may not care to make the distinction. It's a shame that Epik has dragged so many people into their shitshow.
Me being one of the ones who only had an epik account due to purchased domains.
 
5
•••
2
•••
Yes, this VPN was many times advertised by @Rob Monster

I see. I think the CEO is easily impressed and doesn't know what's going on within the network, really (or does not care). I noticed this in some technical threads on namepros earlier.

upload_2021-9-20_4-18-9.png
 
Last edited:
5
•••
This one is pretty messed up if they stored failed login attempts in plain text. I'm no security expert but a lot of this stuff seems like common sense stuff of what not to do.

We've all probably done this from time to time so certainly concerning, especially if the data goes back 10 years.

Sounds like failed login attempts may have been stored in plaintext as well, meaning passwords you use on other sites may be included in the now-public data dump also.

My suggestion then would be to go through and change your passwords essentially everywhere, ASAP, (and not just domain stuff) if you think you "might" have tried logging in with it at Epik in the last 10 years. This means your emails, crypto, online banking, domain marketplaces & registrars, streaming services, restaurant apps, game apps, etc -- anywhere and everywhere you may have used a potentially-leaked password.

Going forward - be sure to use strong, unique passwords everywhere online. Pain in the ass for sure, but this is the reality of the world we live in.



 
8
•••
"Our engineers believe the hack is of an aged remote backup, not of Epik's core production."

Do these engineers still believe this?

Was all data indeed from a backup, including the many historical .ovpn files?
 
Last edited:
4
•••
Last edited:
1
•••
I left EPIK and DYNADOT at the beginning of 2021 because of concerns about data security and personal privacy.
EPIK's login structure is so large that it's unusual for the same account to be able to log into multiple projects. They are just a registrar now, but it seems that their desire is to create a full ecological platform. When your aspirations are too big, something is bound to go wrong.
 
4
•••
Because of Epik-I am suffering from Domain PTSD, lack or no sex drive, loss of appetite ,loss of hair, loss of enjoyment in life, pain and suffering.....sleepless nites and excruciating frighten nightmares that my domains gone vanish....and worst still in this unprecedented ( I bet you have heard this word unpreceded billions of times already) times, it has excruciated my pain....

lawsuit $$$$ for my domain therapy....
 
5
•••
1
•••
7
•••
The thing that everyone accuses every registrar of doing, logging your searches, Epik WAS PROBABLY DOING THAT?

We'll see.

No conspiracy theory.
 
Last edited:
1
•••
I'm starting to think that Epik should better sell the business asap. With all domains/accounts migrated to another registrar. Bulk domain transfer in such a case would be free (if approved by ICANN I think? needs to be rechecked...) Since Epik was reported to Visa/Mastercard, as some twitter posts suggest, it is far from obvious that their merchant accounts would not be terminated by credit card systems. But, a registrar cannot run accepting crypto and wires only, CC is a must. The problem here is that no registrar would want to receive a number of "toxic" domains (or customers) Epik currently has...
 
2
•••
2
•••

It's NOT TRUE. Some people just make up a story to make the situation worse.
According to the Database Schema
https://pastebin.com/1bLEm78G

The domain_history table was just a list of data contains the operation history of domains. Including the history of unlock domain, change nameserver, set url forwarding etc.

(Above Pastebin link is refer to this post: https://www.namepros.com/posts/8400013/)
 
Last edited:
3
•••
3
•••

My Question is.... As most of these sites left Godaddy for Epik .... where there other hosts that they could have used aside from epik ?? The controversies seem to revolve around Godaddy giving the boot to these sites
 
4
•••
Last edited:
1
•••
I am considering downloading this DB. I'd like to know what exactly is there about my domains, such as whois records of non-epik domains... or something I might purchase @ namejet many years ago ...

The issue I am experiencing is the following: Rob disclosed in video that there are now curses on this dataset.

Ref:

https://en.wikipedia.org/wiki/Pulsa_diNura

(just an example)

I'm just a domainer. Not an exorcist.

Any recommendations (or references to external sources) to remain safe?
 
5
•••
I'm just a domainer. Not an exorcist.

Any recommendations (or references to external sources) to remain safe?

https://dnprotect.com/

Legal
If your domain name is subject to legal action, trademark claim, or UDRP dispute, you’re covered. We’ll defend your domain name using our legal resources.


Theft
If there are any issues related to the domain name ownership, you’re covered under DNProtect’s domain name ownership coverage.


Clerical Errors
Similar to overdraft protection from your bank, if you forget to renew your domain name, we’ll make sure the domain does not go offline.

That may or may not cover curses and data breaches - you'd need to ask the company providing the service, namely Epik.

 
5
•••
5
•••
I think it's better with no approve button right now. With domains at risk in case someone somehow gets a valid auth code for a domain (and maybe is able to login somehow, to unlock a domain too), it allows more time to notice an unauthorized transfer out.

But if you ask support, are they able to expedite it so the transfer goes through?

I pressed them and they auto approved. I disagree its good to wait a week. I have 2Factor on and zero reason to not approve my request. One of the names I sold. Not telling my customer to wait a week 🙄
 
4
•••
When so many different data sets were managed and preserved in this way, it may have been a design choice. The other option is ignorance, I don't know which one is better.
 
5
•••
Just reporting that my 1st batch of Masterbucks withdrawal (100) is successful. As for amount, for this round it's lower, probably due to crypto dipping yesterday, so I won't complain.
 
4
•••
4
•••
Back