Epik Had A Major Breach

Silentptnr

Last edited:
33
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
the Nazi domains are at another register .. the register that bans websites lol ..

I agree .. it appears like a full effort to defame character to finish what the hack didn’t .. expose or whatever .. but like I said … the Nazi domains are at another register . So

a Witch hunt .. there is a thought ..
I believe it's been well established that Rob's ownership of the nazi domains was primarily due to Epik's stupid expiration system that involves the domain being placed into Epik's account so they can sell it for a profit after it expires. I agree that this makes Rob's ownership of those domains less bad, but it does not absolve him of all responsibility. For starters, putting his name as the registrant on every domain that expired at Epik was an incredibly stupid decision on his part. Moreover, the reason he got those domains is because Epik is a fan favourite of nazis and all kinds of other unsavory people that Epik was clearly going out of their way to market to. Epik even gave Parler technical advice after they got yanked from AWS.

For what it's worth, Rob Monster also had his name on the registrant contact for hitlerdidnothingwrong dot com for a while. It's not a good look, even if it wasn't really his domain. He needs to seriously reconsider his commitment to putting his name on everything like a wannabe Donald Trump because it's making him look like an asshat right now.
 
7
•••
What was the intention of these bcc mails? Do you think this is alarming? Were you aware of it?

I know to whom it was forwarded to, but I don't know if I'm allowed to mention in this forum.
 
Last edited:
1
•••
I believe it's been well established that Rob's ownership of the nazi domains was primarily due to Epik's stupid expiration system that involves the domain being placed into Epik's account so they can sell it for a profit after it expires.
This kind of breaking of the natural domain name registration/renewal/deletion lifecycle is not limited to Epik. There is a grace period after a domain name expires where the registrant can renew the expired domain name. Some registrars will, after that variable period expires, move the domain name to an auction site (if it is considered valuable or has traffic) rather than let it go through the full deletion process.

https://www.icann.org/resources/pages/gtld-lifecycle-2012-02-25-en

Regards...jmcc
 
9
•••
Is this (the use of the Russian code) related to the findings mentioned above by @FiniteCrystal?

What was the intention of these bcc mails? Do you think this is alarming? Were you aware of it?
I believe that the "shitty Russian code" that Epik "inherited" was responsible for how poorly the data was being stored, yes. I haven't actually looked into it much, but I think most of Epik's website code was actually included in the leak. I'm not really a security researcher so I wouldn't be able to point out anything interesting, but another Twitter user found at least a couple really horrible flaws, at least one of which still allowed drive-by XSS attacks on the current version of Epik's site(!!!) Epik blocked that person from logging into their bug reporting system, indicating that they still don't give a shit about security. If we give them the benefit of the doubt, we could say they're too busy scrambling to fix things to worry about the bug reports, but instead of spending time blocking a security researcher from doing their job, they should have spent that time fixing their shit.

I know who registered the domain that the Bccs were going to, I will share that information if it's expressly allowed by a mod. As for whether or not it's alarming, in my opinion, it is alarming that Epik was doing this in the first place, but again it was probably due to gross negligence and not some evil plot. Not sure what you're asking at the end, was I aware of what?

EDIT: I forgot to add that I think this so-called "legacy" "shitty Russian code" that Monster was referring to was written by the same guy who wrote all their other code, so unless he was referring to the entire registrar system, including Epik's additions, he kinda fibbed about that.
 
Last edited:
10
•••
I believe that the "shitty Russian code" that Epik "inherited" was responsible for how poorly the data was being stored, yes. I haven't actually looked into it much, but I think most of Epik's website code was actually included in the leak. I'm not really a security researcher so I wouldn't be able to point out anything interesting, but another Twitter user found at least a couple really horrible flaws, at least one of which still allowed drive-by XSS attacks on the current version of Epik's site(!!!) Epik blocked that person from logging into their bug reporting system, indicating that they still don't give a shit about security. If we give them the benefit of the doubt, we could say they're too busy scrambling to fix things to worry about the bug reports, but instead of spending time blocking a security researcher from doing their job, they should have spent that time fixing their shit.

I know who registered the domain that the Bccs were going to, I will share that information if it's expressly allowed by a mod. As for whether or not it's alarming, in my opinion, it is alarming that Epik was doing this in the first place, but again it was probably due to gross negligence and not some evil plot.

Thanks. I do think it's alarming too, but tried to ask it in a neutral way.

Not sure what you're asking at the end, was I aware of what?

That question, and all my questions, were addressed to @Rob Monster, but I had to quote your posting.
 
Last edited:
2
•••
2
•••
For starters, putting his name as the registrant on every domain that expired at Epik was an incredibly stupid decision on his part.
It is neither good nor bad. Epik, like many other registrars, elects to remove expired domains from their original accounts (the original owner may still reclaim the domain, under certain conditions, but it is another story). Since each domain is supposed to have admin/tech/billing contacts, it is not surprising that Epik elected to use their company as a temporary new contact (pending final deletion or pre-release resale). Human name is a natural part of any contact record, so Rob (the CEO) was listed. Imo. Epik might use generic Domain Manager name instead [like web.com for example, just check whois of web.com] - would it make any practical or legal difference? No.
 
Last edited:
5
•••
I know who registered the domain that the Bccs were going to, I will share that information if it's expressly allowed by a mod.

We'd rather this not turn into that sort of thread. There's going to be no shortage of such discussion taking place elsewhere, but NamePros is focused on domain investing. Many of our members are worried that their life's work may now be in jeopardy as a result of this incident.

I know Epik makes for great political news elsewhere, but that controversy has played out incessantly here for years. Most of us are tired of it. Everything that could possibly be said has been said, and there's really not much more to add. The threads now just devolve into flame wars.

An aspect to consider for people outside the industry is that Epik is renowned for their hands-on support. Regardless of what anyone may think of their politics, Rob and his team have a reputation for bending over backwards to help their customers, regardless of political affiliation (or lack thereof). For the most part, Epik has been a stellar example of perfect customer support, and I think even their detractors here would largely agree with that. That context is important to keep in mind when assessing the reactions from our community.

It would be best if this discussion headed toward remediation: what should our members do? What do our members need to worry about, and what's not worth worrying about?
 
29
•••
Epik might also use generic Domain Manager name [like web.com for example, just check whois of web.com]- would it make any practical difference? No.
The practical difference is that researchers and journalists looking through this dump won't see his name popping up dozens of times when they search for keywords like "nazi".
 
1
•••
We'd rather this not turn into that sort of thread.
Got it. The only reason I offered is because it's not an Earth-shattering revelation.
 
2
•••
The practical difference is that researchers and journalists looking through this dump won't see his name popping up dozens of times when they search for keywords like "nazi".
Post factum - yes, indeed. However, on and before March 2021 the things were set this way (internal records actually, as public records were "privacy" by default).
 
Last edited:
2
•••
I believe it's been well established that Rob's ownership of the nazi domains was primarily due to Epik's stupid expiration system that involves the domain being placed into Epik's account so they can sell it for a profit after it expires. I agree that this makes Rob's ownership of those domains less bad, but it does not absolve him of all responsibility. For starters, putting his name as the registrant on every domain that expired at Epik was an incredibly stupid decision on his part. Moreover, the reason he got those domains is because Epik is a fan favourite of nazis and all kinds of other unsavory people that Epik was clearly going out of their way to market to. Epik even gave Parler technical advice after they got yanked from AWS.

For what it's worth, Rob Monster also had his name on the registrant contact for hitlerdidnothingwrong dot com for a while. It's not a good look, even if it wasn't really his domain. He needs to seriously reconsider his commitment to putting his name on everything like a wannabe Donald Trump because it's making him look like an asshat right now.

Yep .. after all the fuss .. it turns out the Nazi names aren’t Rob’s .. but only after a large character attack …
 
4
•••
Got it. The only reason I offered is because it's not an Earth-shattering revelation.

This odd curious fact is verifiable and probably (and hopefully) will be addressed by Epik updates here or elsewhere but will certainly be mentioned in articles from independent researchers and journalists as it's a verifiable fact so you can check yourself in the data.
 
0
•••
So when we're talking about Russian code from 2011, the author of this code continued to work for the company since?
 
0
•••
So when we're talking about Russian code from 2011, the author of this code continued to work for the company since?
If it is the same person, mentioned by @FernandoBMS -
Vitaliy Opryshko is (was?) Head Of Software Development for the last decade according to his linkedin.
then we may ask him directly: @vitigo is a member here and listed in "Epik Staff"
 
3
•••
It's just bonkers how many security issues there were. I run a small SaaS with a small user base and comparatively little sensitive data, and I'm lightyears ahead of this crap. If I was Rob I don't think I'd have ever slept knowing what an insecure ship I was piloting.
 
3
•••
Let me repeat for the 3rd time ...

If PWNED: Domain investors should change the email address - everywhere, every registrar. Create a new email address & start. Don't use your pwned email address for whois.

Regards
 
2
•••
Anyone who ever used Epik's Anonymize service to hide dodgy activities has to be experiencing a sense of dread right now.
 
3
•••
It's just bonkers how many security issues there were. I run a small SaaS with a small user base and comparatively little sensitive data, and I'm lightyears ahead of this crap. If I was Rob I don't think I'd have ever slept knowing what an insecure ship I was piloting.
[the following is 100% FiniteCrystal speculation]
I don't think Monster knew how bad things really were, in my opinion him being the acting CTO is a major problem for Epik because it seems like he simply doesn't know his way around a computer well enough to play that role. What really baffles me is the cocky arrogance he seemed to have about how great Epik's security was. It's a little ridiculous to call yourself "The Swiss Bank of Domains" if your system is full of "shitty Russian code", and even more so if you don't know how shitty the code is.
 
12
•••
So when we're talking about Russian code from 2011, the author of this code continued to work for the company since?

Yep .. just like you said … it’s all in the data … are you still sticking with that Rob owns the Nazi domains ..or ???
 
Last edited:
1
•••
Yep .. after all the fuss .. it turns out the Nazi names aren’t Rob’s .. but only after a large character attack …

Well, the WHOIS was in his name...so yeah, it is a reasonable misunderstanding.

This is really just a red herring from the core underlying issue, which is the massive data breach due to poor security by Epik.

Brad
 
Last edited:
0
•••
Well, the WHOIS was in his name...so yeah, it is a reasonable misunderstanding.

This is really just a red herring from the core underlying issue, which is the massive breach due to poor security by Epik.

Brad

but it is probably better to have ALL the facts before throwing down Character Assassination and Assassination on a company ..
 
2
•••
but it is probably better to have ALL the facts before throwing down Character Assassination and Assassination on a company ..

Yeah, I have no problem with that. But you know if a bunch of nazi domains are in your WHOIS information, you have to see where the misunderstanding came from right?

It is not like it was made up out of thin air.

The point is that this is a minor tangential issue to the core debate regarding the massive data breach due to poor security measures.

Brad
 
Last edited:
1
•••
Yeah, I have no problem with that. But you know if a bunch of nazi domains are in your WHOIS information, you have to see where the misunderstanding came from right?

It is not like it was made up out of thin air.

Brad

I understand that part .. but knowing Rob owns a domain register is much different than if the Whois information were in my name .. Rob is going to have domains in his name that he didn’t register himself or actually own … things are not always what they appear to be as now proven … the problem ? IMO … all of that was spread on Twitter .. I see that as a big problem .. maybe I am wrong though ..
 
Last edited:
1
•••
I understand that part .. but knowing Rob owns a domain register is much different if the Whois information were in my name .. Rob is going to have domains in his name that he didn’t register himself or actually own … things are not always what they appear to be as now proven … the problem ? IMO … all that was spread on Twitter .. I see that as a big problem .. maybe I am wrong though ..

This didn't come from nowhere.

Rob has aligned himself and Epik with some extreme actors over the years. He and others with Epik have been involved in spreading conspiracy theories, from shootings being a hoax to whatever else.

With that said, I think with almost any player this story would have been reported the same way.

They probably should have reached out for comment first, but I know Rob and crew have had a real adversarial relationship with many of these websites and news outlets.

Either way, back to the core point. The actual data breach.

Brad
 
Last edited:
2
•••