alert Epik Had A Major Breach

Just reading some of the commentary about the WHOIS data on Twitter. It seems that some of those covering the story don't realise that WHOIS data (at least prior to May 2018) was largely public. Many of the e-mail addresses in the scraped WHOIS records would already have been public. What makes the dataset problematic is that the WHOIS record may link the e-mail address with a real-world identity on a large scale for a lot of e-mail addresses.

Regards...jmcc
 
French magazine Le Monde, just retweeted this hack to their 9.3M followers on Twitter. It is only a matter of time until this is picked up by the true mainstream outlets in the US.

Brad
 
Just reading some of the commentary about the WHOIS data on Twitter. It seems that some of those covering the story don't realise that WHOIS data (at least prior to May 2018) was largely public. Many of the e-mail addresses in the scraped WHOIS records would already have been public. What makes the dataset problematic is that the WHOIS record may link the e-mail address with a real-world identity on a large scale for a lot of e-mail addresses.

Regards...jmcc

Is this a problem with Epik only or are there others that are also scraping and storing Whois info?
 
Yes, eventually ICANN might have something to say about this.
The WHOIS problem is a major topic, Brad.
Some of the discussions have focused on a natural person (individual) versus a legal person (a company) and a potential field in the WHOIS data to identify the registrant type. The natural person's data would not be publicly disclosed.

I am not sure of what, if any, potential ICANN policies might have been in play here when it comes to scraping, storing, and protecting WHOIS information. I am also not sure how GDPR might come into play with this data.
The GDPR stuff is a minefield. Arguably, those companies categorising Epik registrants on the basis of their political or religious beliefs using the leaked data may have also broken GDPR regulations. (This is what happens when people with a 16th century understanding of the Internet are allowed to make regulations for it.)

This is the GDPR explanation from the Irish Data Protection Commissioner:
https://www.dataprotection.ie/en/who-we-are/data-protection-legislation

This is the EU explanation:
https://gdpr.eu/what-is-gdpr/

Regards...jmcc
 
Is this a problem with Epik only or are there others that are also scraping and storing Whois info?
Epik is quite a small player in this respect. There are many others who do it on a much larger scale.

Regards...jmcc
 
Daniel Hosterman
@dhosterman

It is absolutely wild seeing Epik store CC# in MD5 hashes, often with the first and last 4 digits available, leaving an 8 character, numeric only search space. Helpfully, they also store CVV numbers and addresses, so it's an early Xmas for any industrious young hacker. #EpikFail
10:14 AM · Sep 20, 2021

Replying to
@dhosterman
Can knock one of these out in 1 minute, 23 seconds.
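
The storage layout described in the tweets above, checked from the defender's side, as an added example that is not part of the thread and not Epik's code: it counts how many card numbers fit one row when the first and last four digits sit beside an unkeyed hash (the Luhn check digit cuts the 8-digit space to 10^7) and contrasts that with a keyed HMAC. The schema field names and the `AS_REPORTED` / `HARDENED` descriptions are constructed for illustration.

```python
import hashlib
import hmac
from itertools import product

def luhn_valid(pan: str) -> bool:
    """Luhn checksum that every payment card number must satisfy."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def candidate_count(pan_len: int, shown_first: int, shown_last: int) -> int:
    """PANs consistent with the digits stored in clear. Luhn removes one digit
    of freedom, so k hidden digits leave 10**(k-1) candidates, not 10**k."""
    k = max(pan_len - shown_first - shown_last, 0)
    return 10 ** (k - 1) if k else 1

def count_by_enumeration(prefix: str, suffix: str, hidden: int) -> int:
    """Cross-check of candidate_count for small `hidden` (validity only, no hashing)."""
    return sum(luhn_valid(prefix + "".join(m) + suffix)
               for m in product("0123456789", repeat=hidden))

def keyed_token(pan: str, key: bytes) -> str:
    """Keyed alternative: without `key` (held outside the database) candidates cannot be tested."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()

def audit(schema: dict) -> list:
    """Findings for one constructed schema description (field names are hypothetical)."""
    findings = []
    n = candidate_count(schema["pan_len"], schema["shown_first"], schema["shown_last"])
    if not schema["keyed"]:
        findings.append(f"unkeyed {schema['algo']} over PAN: {n:,} candidates per row")
    if schema["stores_cvv"]:
        findings.append("CVV stored at rest")
    return findings

# Constructed description of the layout the tweet reports; not taken from the leaked data.
AS_REPORTED = {"algo": "md5", "keyed": False, "pan_len": 16,
               "shown_first": 4, "shown_last": 4, "stores_cvv": True}
HARDENED = {"algo": "hmac-sha256", "keyed": True, "pan_len": 16,
            "shown_first": 0, "shown_last": 4, "stores_cvv": False}

if __name__ == "__main__":
    for name, schema in (("as reported", AS_REPORTED), ("hardened", HARDENED)):
        print(name, audit(schema) or "no findings")
```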
 
Just reading some of the commentary about the WHOIS data on Twitter. It seems that some of those covering the story don't realise that WHOIS data (at least prior to May 2018) was largely public. Many of the e-mail addresses in the scraped WHOIS records would already have been public. What makes the dataset problematic is that the WHOIS record may link the e-mail address with a real-world identity on a large scale for a lot of e-mail addresses.

Regards...jmcc

Yes the data was public in 2018 and prior to that others were scraping it - DomainTools.com offer paid access to historic WHOIS data in their archive.

BUT under GDPR you can only collect data you actually need and keep for as long as the need exists - basically unless there is a case for keeping it, there needs to be a rolling program of deletion. And data subjects have the right to access, correct, and request deletion of all data related to them.

So all EU citizens and residents could contact Epik asking what data Epik holds on them and requesting deletion.
 
Why is it that we have the same commenters going on and on and on and on and on and on with hammering Epik on this, and pushing that people get away from them?

Well, somebody has to keep up with the updates. Your first post questioned the validity of the hack, with some ill-researched conspiracy theories included.

How many comments have the same people done in this one thread?

Since you're asking, you have two comments in this thread. We're still waiting for your third, Mr(s)Robs.

Have Joey's twitter accounts been closed now? Can't find the ones in your screenshot, one says suspended.
https://twitter.com/yourdaddyjoey

I noticed the same. I suspect the screenshots within the tweets are from Joey's Gab or other media. The tweet came from @NatSecGeek who is listed as the co-founder of DDOSecrets, so I assume her tweets to be credible, and not photoshopped.

Here's one more about Joey:::


I suppose this is a little more on topic/relevant than Robs1 head in the sand approach, but I wonder how relevant Joey is to this thread besides, possibly being used by epik to harass @Molly White and maybe a few others as it appears Joey had allegedly been paid $2,000 by Mr. Monster. I questioned if I should have included that last tweet, but since it was domain related, and leftover fodder, I posted the tweet for anyone following this Joey drama subset.

twitter bio says “Founder of #Anonymous (yes that one)”

This is why you’re my favorite #websleuth.
RIGHT to the source! Didn't know that easy.

Probably a mediocre fallguy who doesn't know the meaning of Anonymous. enjoy “fodder” 😉

Samer

@Samer --- you know the saying, if you have nothing nice to say, don't say it at all? Well, in this case, if you don't know what you're talking about, the same rule should apply.


I know you're against main stream social media, but even you can become world favorite "web twitter sleuth" with this little function on twitter called "search". See below screenshot:

https://twitter.com/search?q=#epikfail namepros&src=typed_query

upload_2021-9-20_7-38-11.png


Or strive to become favorite Twitter sleuth 2.0 (VERY NICE, how much?), when you're ready, you can graduate to twitter advanced search < https://twitter.com/search-advanced?lang=en > . ****Just make sure you read the manual first so you don't break anything. 🧀
 
Epik is quite a small player in this respect. There are many others who do it on a much larger scale.

Regards...jmcc

So perhaps many of the problems that everyone is focusing on concerning Epik need to be addressed at a much larger scale.

Hence the need for some Reforms across the board.

IMO
 
Why do you want to give them a chance when you run a business and they screwed up with your data and messed up your life?
Do they seem to care?


yes, Rob told me,
that he was praying for me

and thanked me for praying for him
- which I never did -
 
Yes the data was public in 2018 and prior to that others were scraping it - DomainTools.com offer paid access to historic WHOIS data in their archive.
A lot of the EU based WHOIS servers redact personal information now. Even non-EU based registrars redact the data of EU citizens. Some ccTLD registries have gone completely dark.

So all EU citizens and residents could contact Epik asking what data Epik holds on them and requesting deletion.
That would be a lot of e-mails.

Regards...jmcc
 

Regarding emails that were included in the breach that had nothing to do with epik, rather related to historical whois (possibly related to epik's whoq.com?) as I think Troy Hunt alluded to that theory as why his info might have been included.


...

I wonder if Troy's email or others who have nothing to do with epik, was included in the breach had something to do with epik's Whoq.com project?

If so, what does that say about data protection/harvesting by historical WHOIS services such as DomainTools, DomainIQ, Whoxy, and others who have amassed millions of email addresses and domain associations?
 
French magazine Le Monde, just retweeted this hack to their 9.3M followers on Twitter. It is only a matter of time until this is picked up by the true mainstream outlets in the US.

Brad
And it's very bad.
I speak French fluently, they are basically saying

"Epik a company that presents itself as the swiss bank of domains, accepts almost all clients, with a marked preference for the far right."

"The data stolen from the registrar is particularly sensitive and, it seems, very poorly protected."

"Militants and researchers already used the data to identify owners of far right websites and others used for crooking people."

Then they said the leak made all customers furious and epik's response was bad. They talk about the videoconference
"The discussion, which lasted three and a half hours and which is available on Youtube, is possibly one of the strangest responses to a computer security incident in history."

Then they show who was present at the videoconference, this guy
Screenshot_20210920.jpg


Then they talk about Rob, a man who presents himself as the Lex Luthor of the internet and who publicly defended David Duke from the KKK.

Then the New Zealand incident where Rob showed the video on twitter. They say Braden Pollock left epik's board because Rob organized a meeting where the video was shown in the company's office, they say it was obligatory for all employees to watch it.
Etc..

So you see the tone.
LeMonde is mainstream media.
So it's definitely getting picked up by CNN, BBC etc.
 
Exposed addresses could also be tech or admin contacts.

If you're a web developer or techie, and your client the domain owner transfers to Epik to save a few bucks on renewal, your email address is still going to populate that field, like it or not.
 
Any more info on this? When did he resign? What was the obligatory video?

@Braden Pollock

Have any domain news blogs covered/confirmed this yet? @EJS @OnlineDomainCom @equity78
"Investor Braden Pollock had announced that he was stepping down from Epik's board of directors after Rob Monster arranged for a screening of the video, which was mandatory for all employees to view, in the company's office".

That's all they say.

I had no idea that happened, maybe it's new info, idk.
 
That's all they say.

I had no idea that happened, maybe it's new info, idk.

The article links a now deleted/archive 2020 tweet by @Braden Pollock from 2020; so old news.

A conviction he had also wanted to share with his employees: investor Braden Pollock had announced <https://web.archive.org/web/2020061....com/BradenPollock/status/1270526873580130306 that he was leaving Epik's board of directors > after Rob Monster had organized a screening of the video, viewing of which was mandatory for all employees, on the company's premises.

Maybe a poor translation, or poor reporting. As the "mandatory video" that led to that 2020 announcement, wasn't necessarily a mandatory video, but a zoom call at the domain social. Or so was my understanding.

I also thought I heard something about Braden withdrawing his resignation, shortly after epik's VP of Qommunication (@Intelliname) threatened to expose unspecified secrets of the shady sides domain selling/sellers. To wit, the involved parties seemed to kiss and make up, instead of going nuclear.

recap: https://everything.explained.today/Epik_(company)/

16. 1270526873580130306. BradenPollock. Since @robmonster and I don’t share the same ideology it’s time he and I part company. I don’t agree with the direction of @EpikDotCom so I’ve decided to resign my Board seat, effective immediately.. Braden Pollock. June 9, 2020. https://web.archive.org/web/2020061....com/BradenPollock/status/1270526873580130306. dead. June 10, 2020.
 