alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Future Sensors]

This a real honeypot for law enforcement.

As a security professional, I would like to point out that the term "honeypot" in security refers to setting up a shadow system with fake data, which is intended to attract hackers and learn from new attack techniques. In Epik's case, unfortunately, it was about real data.

 

[Digital Universe]

I am not a conspiracy theorist... but get a bunch of extremists using one company, then one of the most complete data breaches in history happens. Names, addresses, passwords, credit cards, VPN records, and much more.

This a real honeypot for law enforcement.

Brad

As a security professional, I would like to point out that the term "honeypot" in security refers to setting up a shadow system with fake data, which is intended to attract hackers and learn from new attack techniques. In Epik's case, unfortunately, it was about real data.

I don't think Brad meant it literally, but the point is clear. The real data in this case is what is most valuable to law enforcement, journalists etc. exposing extremists and not the attack techniques of potential hackers in the conventional honeypot terminology. PS there are different types of honeypots, but that is another topic. But in this case It's like Epik attracted all these "bad" actors, the ultimate honeypot attracting flies in a creative way of speaking. Flies can be hackers or nazis or jan 6th law breakers, extremists etc. etc.

 

[Future Sensors]

I don't think Brad meant it literally, but the point is clear.

You're right. It was more of an addition, to indicate how the term is used in security. In common language it certainly has other meanings as well.

 

[NameFu]

Apologies if this has been posted already, but see hashtag #epikfail on Twitter.

 

[Lox]

fired
link

https://twitter.com/x/status/1441042329473667076

 

[ABcZXy]

Hii,
I am new to this whole domain thing; buying, selling domains to make profit. And also, new to NamePros, I should have gone to introduce myself in the forum section, but I guess I will do it later.

I bought a few of them on Epik through Anonymize privacy add-on. They were mostly for long term holding for my future projects.

I can't remember exactly, but I had visited the site in 2020 to learn how domaining works. But registered with Epik I think in May 2021 and bought the one I wanted in May-June 2021. I checked myself on haveibeenpawned website with my email address and it seems I am not afffected.

So, the people who have the data in front of their eyes for whatever reasons, can tell me (or others) with certainty that the data is definitely before Feb2021.

Thank You.

 

[finitecrystal]

So, the people who have the data in front of their eyes for whatever reasons, can tell me (or others) with certainty that the data is definitely before Feb2021.

Summarizing the results of my investigation for others with similar questions.

I don't know when the hack occurred or what exactly the hacker had access to, I am almost certain that the database dump was made on February 28, 2021 or March 1, 2021.

 

[MasterOfMyDomains]

Lets all pray for this man.
On a brighter note. I got namecheap vpn now. I go to daddy, we need to text u a code. I go to namecheap, we need to text you a code cowboy
I go to epik, click login and wham bamn, thank you masm, i go right to control panel. Maybe you should make everyone login with credentials. Namesilo didnt even remember my username and password with vpn running. Sorry i didnt keep my wurd about posting in thread. At least i am on topic and not trying to hand out milk and cookies

fired
link

https://twitter.com/x/status/1441042329473667076

 

[finitecrystal]

I go to epik, click login and wham bamn, thank you masm, i go right to control panel.

This is probably the result of FederatedIdentity being responsible for logging you into Epik with OAuth. If you got logged out of Epik's website but didn't need any password, Epik's website is working fine, but since your browser is already logged into FederatedIdentity (the same way you stay logged into Google) and you've already approved the OAuth application, you get logged in instantly. It's possible that Epik wasn't actually logging you out and perhaps you should be logged out of FederatedIdentity as well, but I don't think that's unusual.

 

[Beezy]

Just a thought semi-related to the subject of this firing.

A few years ago when you could get one word .co at godaddy closeouts, one that I thought about for a couple of minutes was j * 1 * h * @ * d . co

It was a short word! I thought maybe I could make $20 flipping it here.

Then I gave it some thought, and passed... because I would forever regret if I was screened at an airport because of a domain registration. Or worse.

Or worse. You know?

What you register is most likely attached to you, or will get unmasked.

Anyway, a random recollection from years ago.

 

[timestamp]

Epik now needs to enable username change!
Password - changed!
Email - changed!
Username - unable to change!

 

[bmugford]

Lets all pray for this man.
On a brighter note. I got namecheap vpn now. I go to daddy, we need to text u a code. I go to namecheap, we need to text you a code cowboy
I go to epik, click login and wham bamn, thank you masm, i go right to control panel. Maybe you should make everyone login with credentials. Namesilo didnt even remember my username and password with vpn running. Sorry i didnt keep my wurd about posting in thread. At least i am on topic and not trying to hand out milk and cookies

Interesting. You might end up seeing a lot more fallout like that.

There are certainly going to be a lot of people who end up being connected to things they would rather not be connected to.

Agent swept up in hack canned from brokerage for Holocaust views

Joshua Alayon allegedly tried to register a slew of domains such as holocaust-truth.com, theholocaustisfake.com, whitechristianrepublican.com and whitesencyclopedia.com

https://www.inman.com/2021/09/22/agent-swept-up-in-hack-canned-from-brokerage-for-holocaust-views/

 

[finitecrystal]

Epik now needs to enable username change!
Password - changed!
Email - changed!
Username - unable to change!

The username is not particularly security sensitive. I don't think it's really used for much. That being said, Epik could probably allow it since they're using sequential numeric IDs for account associations. You don't necessarily have to change your email either, just make sure you change your password and you'll be fine.

 

[tonyk2000]

I would forever regret if I was screened at an airport because of a domain registration. Or worse.

It is wise.

Somewhat offtopic here, but once I knowingly dropped a good domain, which (learned this by checking g search results on my domain/term) happened to be similar to another domain (business name) where the owner was sued for something _extremely_ bad. I decided to eliminate even a remote possibility of being (incorrectly) associated with that guy who still owns a domain similar to mine. Naturally, another domainer grabbed the one I dropped and listed it for sale...

As for epik leaked stuff, replacing the leaked account email in all _other_ places is what I'm doing now. Yeah, it is extra time and efforts - but we should now expect more spam, more hacking and social engineering attempts @ other registrars, potential association with "bad boys" should the epik db become _too_ public+searchable (like panama papers for example), etc etc, etc. So, dropping (at least) this email makes sense imo.

 

[tonyk2000]

Epik now needs to enable username change!
Password - changed!
Email - changed!
Username - unable to change!

+ Account deletion function. Not all current customers will use Epik after the hack, so why do they need Epik account at all?

 

[barybadrinath]

Some days ago received an email from Have i been pawned regarding data breach.
Just now got an email from spycloud regarding data breach.

 

[barybadrinath]

It also seems Breached data is being sold on dark web. Private Source is generally a criminal trying to sell the hacked data.

 

[timestamp]

Username or email are used for login. That's half information. Other half is password.

Account deletion is needed everywhere. Not just at epik.

 

[finitecrystal]

Username or email are used for login. That's half information. Other half is password.

A username or email is just used to identify which user is trying to log in, remember that people sometimes share their email addresses so they can use email for communicating with people. The password is the secret. Two secrets isn't really any more secure than one secret, which is why 2 factor authentication systems use something you have or something you are instead of 2 things you know.

 

[Bravo Mod Team]

why Chris Hydrick left the forum? He commented on this topic since Sept, 14th
does anybody knows?

Threads like this tend to cause a lot of tension within the community. It’s wise to take a break when you feel it’ll be helpful; he’s always been good at doing that. We hope to see him return again when he’s ready.

While he was heavily contributing to this thread, please create a new thread to discuss topics that are not directly related to the topic of this thread.