alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[bmugford]

I pressed them and they auto approved. I disagree its good to wait a week. I have 2Factor on and zero reason to not approve my request. One of the names I sold. Not telling my customer to wait a week

I think that is a tough situation. They basically went from not being aware of a data breach, to it being some remote backup server, to a situation now where it appears like pretty much all their data was breached.

I doubt Epik really even knows the scale of the data breach. There is a fine line to balance between allowing transfers and protecting customers. It is certainly inconvenient when it comes to doing business though.

Brad

 

[Windoms]

I'm starting to think that Epik should better sell the business asap.

Lol whose buying them no ones crazy.

There goes epiks last fanboy customer.
The lawn is epik's ground.
The tiger is the hackers.
The water is whatever we can find first.

 

[Windoms]

I think they just want to freak us out.
Quite effective if you ask me.

 

[Lox]

For Epik - cover/ secure directories (open folders , etc) @ Fe….Id… and Id,Fe…id…. (/../../../files)

Regards

 

[Shackleton]

I wouldn't give Monster a nickel. Yet he somehow managed to compromise the main e-mail that I've had for more than 20 yrs in this hack. I demand one year of a free credit monitoring service. People better get their Masterbucks out while they can as everything is going to fall apart.

 

[Joe123]

I thought I've had absolutely nothing to do with Epik, I don't recall ever creating an account or doing business with them.

For the heck of it I checked my primary email address on the Have I Been Pwned website. What do you know, but Epik is listed as one of the breaches!

Searching my email history, I discover a solitary email containing the word "epik", from 2015:

Hello Xxxxx:

I am the Client Services Manager here at Epik.com.

According to the most recent published ICANN report, Epik is one of the fastest growing registrars in terms of net domains added. The fact is our customers love us and rewarded us with a 90% growth rate in Q1 2015.

I am wondering if I could get a few minutes of your time to discuss how Epik's full-service registrar and hosting platform can help you to get more out of your domains while simplifying domain management.

Are you available for a quick call?

Thanks!​

 

[DN_Hunter]

I think it's better with no approve button right now. With domains at risk in case someone somehow gets a valid auth code for a domain (and maybe is able to login somehow, to unlock a domain too), it allows more time to notice an unauthorized transfer out.

But if you ask support, are they able to expedite it so the transfer goes through?

Yes, I sent them an email the domain names to Approve Transfer, and my Account Pin# (I changed the PIN# afterwards). They approved the transfer and the domain names transferred out succesfully.

When I do transfers, I don't like to wait the 4-6 days. So I only use Registrars that allow Immediate Transfer Approvals.

 

[Lox]

If PWNED: Domain investors should change the email address - everywhere, every registrar. Create a new email address & start. Don't use your pwned email address for whois. (* A bunch of registrars will impose a 60D lock.) IMO

Regards

 

[dirk]

... In February 2021 epik.com got hacked via their service provide AWS ... And did not notify any customers or clients of these events ....

... The data was released from the data breach of Epik early August 2021 to identify the hackers...

Not gonna send any traffic to the source but if true that's a questionable timeline of events.

 

[Jurgen Wolf]

@Lox
My WHOIS email even in 3 breaches, epik is just 3rd.
Never had any 60d locks with registrars due to this reason.

 

[frank-germany]

I was thinking of such recently without reading anyones info but did not wanted to post because most already think I m crazy.
We the end users have the illusion of security which was created for us, but there are intentional direct access back doors which are created for them, those who rule Echelon project.
Here is something that I experience from when I have begin domaining, every time I don't hand register some specific domains I take a screenshot as evidence for later, the next day I decide to go and hand reg those domains and I see that some of them are already registered with some old reg date, then I go to chk my screenshots and surprise the screenshot is nowhere to be found, I trust my memory and I know I m right.
The domains were hand registered at different registrars but the most frequent was Godaddy you know the DN beast of internet.

go and prove that next time
in posting the screenshot the same day here at namepros

I'm so sick of fake news

 

[frank-germany]

Once again, enough with the flame wars. People are busy trying to figure out how to respond; they don't want to read through pages of the same arguments that have been taking place for years--it's not helpful.

yes, but this place is a forum
so I think
it's the right places to discuss these issues

 

[Lox]

@Lox
My WHOIS email even in 3 breaches, epik is just 3rd.
Never had any 60d locks with registrars due to this reason.

E data; personal info+emails <> domains: has made it less complicated to steal/hijack (valuable) domains. IMO
----
If registrar doesn't use " internal whois change", the 60d lock can be forced.

 

[Jurgen Wolf]

https://www.internetx.com/en/domains/become-a-reseller/
Submit this form - and they will answer all your questions.
I'm not their representative and not their partner.

Prices depend on your volume.
That's all I can say.

I know at least 2 domainers there...
Were no complaints regarding quality of their service.

 

[Lox]

.

My prediction: After this, a capital injection will be used to expand the E ecosystem operation.

My prediction is not valid anymore.

 

[Samer]

This is a fake terrorist Anonymous.

Samer

 

[robs01]

Why is it that we have the same commenters going on and on and on and on and on and on with hammering Epik on this, and pushing that people get away from them? How many comments have the same people done in this one thread?

This behavior would/should under normal circumstances be labelled as trolling, yet nobody says a word about it. It is identical to what the corrupted media does against Epik. I wonder if this is deliberate, or if they simply don't realize the excessive obsessiveness of what they are doing?

 

[dirk]

Why is it that we have the same commenters going on and on and on and on and on and on with hammering Epik on this, and pushing that people get away from them? How many comments have the same people done in this one thread?

This behavior would/should under normal circumstances be labelled as trolling, yet nobody says a word about it. It is identical to what the corrupted media does against Epik. I wonder if this is deliberate, or if they simply don't realize the excessive obsessiveness of what they are doing?

It has nothing to do with Epik. It's about warning people so they can keep their assets safe. Since communication from E is underwhelming Its only a good thing people keep adding info to this thread.

 

[Jurgen Wolf]

I use Epik for MANY years and also MANY my domains there...
And they offered only hugs.

 

[oldtimer]

Why is it that we have the same commenters going on and on and on and on and on and on with hammering Epik on this, and pushing that people get away from them? How many comments have the same people done in this one thread?

This behavior would/should under normal circumstances be labelled as trolling, yet nobody says a word about it. It is identical to what the corrupted media does against Epik. I wonder if this is deliberate, or if they simply don't realize the excessive obsessiveness of what they are doing?

Good points,

There are mainly two reasons for this:

Money

and

Politics

When it comes to money you have to realize that there might be hidden loyalties and alliances behind the scenes between some domainers and other registrars that see this as an opportunity to take one of their competitors out and perhaps take over some of their customers.

And as far as politics go, well we all know that some people seem to have an ideological vendetta against Epik that has been going on for a long time and rightly or wrongly they see this as an opportunity to vent some of their frustrations.

The only way to have a positive ending to this situation is to use this opportunity to bring some reforms to Epik and to the domain Industry at large (perhaps even to NamePros too).

IMO