
alert Epik Had A Major Breach


DaveX

•••
Also, this data goes back 10 years, so I am sure many of those accounts are long since dead. A huge percentage of people probably created an account to look at the interface or do a one-time purchase or transfer.

Yes, I am not sure how I got an Epik account exactly. I didn't ever really choose to do business with them.

I did purchase some domains from InTrust domains over a decade ago, before Epik bought them.

InTrust domains used to spam potential domain buyers daily. If this data includes them, then a lot of these accounts could be one-off buyers from more than a decade ago.

Who knows how many active customers they have.

Brad
 
•••
So again, does anyone know how many user accounts there are on Epik?
The Google Sheet linked to from this post indicates 12,120 organizations with domains registered. But the sum total is a bit under 325,000 domains. Well short of the 600k+ figure. So it seems that sheet is not complete by any means?...
 
•••
Yes, I am not sure how I got an Epik account exactly. I didn't ever really choose to do business with them.

I did purchase some domains from InTrust domains over a decade ago, before Epik bought them.

InTrust domains used to spam potential domain buyers daily. If this data includes them, then a lot of these accounts could be one-off buyers from more than a decade ago.

Who knows how many active customers they have.

Brad


Exactly, but at least one person knows, Rob, but he probably won't say the truth because then he would be in trouble for lying to the investor he claims just gave him $32,000,000 recently. I'm sure his investor will not be happy the actual active user count is closer to 10K. He is caught in his lies. House of lies gonna fall down on him from all directions.
 
•••
So again, does anyone know how many user accounts there are on Epik?
I am not sure number of user accounts but number of domain names registered there, at least at date of this Dofo blog article, was about 880 thousand, making them the 50th on list of registrars.
https://dofo.com/domain/registrars?page=2&page_size=25
Now many have large numbers of domains, so you would expect not as many accounts.

However, in a sense have a larger number of domain names 'under management' (I think Epik have in past used that term) because you could use their for-sale landers for domain names listed elsewhere.

Also, names on NameLiquidate that are registered elsewhere are on their site.

They may also have hosting or other service accounts without a domain name registered.

Recall that, as I understand it, the breach held some data for up to 10 years, so someone who had a single domain there years ago would in a sense be in the impacted number.

I have found it hard to follow all the claims, some of which have been written about by members of general press who don't understand certain aspects of whois, expiry, etc., but the number of people impacted would be expected to be higher than number of current users.

Bob
 
•••
Epik.com is innovating and I care not about anything else.
 
•••
Something interesting about the Epik hack that I haven't seen posted anywhere else is the fact that the database dump is incomplete. There is a main database where Epik stores most of the data for their registrar platform, but the dump ends abruptly about halfway through the tables. This is probably because the dump file was getting excessively large (over 100GB), and something went wrong with the process.

Another potentially disturbing thing that hasn't been mentioned was people having to submit documents to prove their identity to conduct sales on the platform. Wondering if this stuff was stored safely or does the dark web have our licenses, picture ids etc.
According to Epik's registrar platform code, those documents are stored in the database. I'm guessing they are stored there forever based on what Epik does with other sensitive data. But since the data is incomplete (see above), that table was not included in the hack, so those documents were not exposed.
 
•••
Something interesting about the Epik hack that I haven't seen posted anywhere else is the fact that the database dump is incomplete. There is a main database where Epik stores most of the data for their registrar platform, but the dump ends abruptly about halfway through the tables. This is probably because the dump file was getting excessively large (over 100GB), and something went wrong with the process.


According to Epik's registrar platform code, those documents are stored in the database. I'm guessing they are stored there forever based on what Epik does with other sensitive data. But since the data is incomplete (see above), that table was not included in the hack, so those documents were not exposed.

The problem is who knows.

The hackers could have more as well.

There should really be no situation where these type of ID documents are stored on normal, internet accessible servers. They should be in some type of non-accessible cold storage.

Brad
 
•••
The problem is who knows.

The hackers could have more as well.

There should really be no situation where these type of ID documents are stored on normal, internet accessible servers. They should be in some type of non-accessible cold storage.

Brad

think of this .. it took Anonymous to hack the site .. which I believe was a paid hack .. that is my opinion … so with it taking Anonymous to hack the site .. could the hack have been tried by lesser hackers and they did not succeed??
 
•••
think of this .. it took Anonymous to hack the site .. which I believe was a paid hack .. that is my opinion … so with it taking Anonymous to hack the site .. could the hack have been tried by lesser hackers and they did not succeed??

Well, it is not like Anonymous is a hacking group with centralized leadership. It is a decentralized collective.

On a technical level, I think there are likely a large number of hackers that could have pulled it off, especially seeing the type of security protocols and measures Epik seemed to employ.

Major companies deal with hacking attempts almost daily. This is more of a story about how Epik was breached so thoroughly because of the system design when it came to server structure, coding, security protocols, etc.

Brad
 
•••
I am not sure number of user accounts but number of domain names registered there, at least at date of this Dofo blog article, was about 880 thousand, making them the 50th on list of registrars.
https://dofo.com/domain/registrars?page=2&page_size=25
Now many have large numbers of domains, so you would expect not as many accounts.

However, in a sense have a larger number of domain names 'under management' (I think Epik have in past used that term) because you could use their for-sale landers for domain names listed elsewhere.

Also, names on NameLiquidate that are registered elsewhere are on their site.

They may also have hosting or other service accounts without a domain name registered.

Recall that, as I understand it, the breach held some data for up to 10 years, so someone who had a single domain there years ago would in a sense be in the impacted number.

I have found it hard to follow all the claims, some of which have been written about by members of general press who don't understand certain aspects of whois, expiry, etc., but the number of people impacted would be expected to be higher than number of current users.

Bob
Dear respectable Bob, are you claiming something, or just sharing some points?

15 million impacted users, I don't believe the extreme vast majority was using any Epik service, whether landers, hosting, NameLiquidate, or whatever it may be. It was said multiple places since the breach "many of whom were not using epik at all". I think those contacts were just in the database for spam or some future plans.

Whatever Epik related service you use, landers, hosting, you need an account. Merge them altogether, everyone from the past 10 years, I find it hard to get to 100,000 users, given there's much bigger registrars out there.

Namecheap is 2nd largest registrar with 2 million customers, and it's clear that Epik isn't even nearly 1/10th of Namecheap.

Epik has more noise surrounding the company than actual business.

The 110,000 could be all customers from the last 10 years, it is possible.
 
•••
Well, it is not like Anonymous is a hacking group with centralized leadership. It is a decentralized collective.

On a technical level, I think there are likely a large number of hackers that could have pulled it off, especially seeing the type of security protocols and measures Epik seemed to employ.

Major companies deal with hacking attempts almost daily. This is more of a story about how Epik was breached so thoroughly because of the system design when it came to server structure, coding, security protocols, etc.

Brad

had the site had easier gateways .. I think the site would have been hacked by lesser than Anonymous IMO … although they work alone .. they do know each other to some extent .. even a couple of them have gotten married .. and divorced .. it's not as complicated as it is made out to be ..
 
•••
When you consider Epik's total registrations, and that according to records only 2% of their transactions were over $10, and 50% were under $1... I don't think the actual customer base is likely all that large.

You can tell via the numbers above that a large percent of their registration volume appears to be via some type of low-priced promotions.

Brad

am guessing the .co 0.99$ promotion
 
•••
had the site had easier gateways .. I think the site would have been hacked by lesser than Anonymous IMO … although they work alone .. they do know each other to some extent .. even a couple of them have gotten married .. and divorced .. it's not as complicated as it is made out to be ..

I mean it is made up of a relatively non-organized group of people. It is not like they have an official membership card. Obviously some people with similar interests, might know each other.

Not every member of Anonymous is some tier 1 hacker. You clearly have many who are, but many more are supporters of the cause.

The power of Anonymous is largely to do with the crowdsource aspect of that support.

There are any number of hackers / groups out there with similar technical abilities.

Brad
 
•••
I mean it is made up of a relatively non-organized group of people. It is not like they have an official membership card. Obviously some people with similar interests, might know each other.

Not every member of Anonymous is some tier 1 hacker. Many are more supporters.

There are any number of hackers / groups out there with similar technical abilities.

Brad

You hit the nail on the head .. "Members" … many supporters .. Yes … the supporters are very open about the "Members" the supporters love to hang out with each other and chat .. they talk a lot ..
 
•••
Godaddy 76 million domains, 20 million customers.
About 4 domains per customer.

Namecheap 12 million domains, 2 million customers.
About 6 domains per customer.

Epik 600.000 domains.
Domains per 1%str domainer?
Domains per .99 .co promo domainer?
Even I registered 150 last year LOL.
50% of transactions under $1. 2% under 10$.
Says a lot.

Remember we were the main focus of epik in their ambition for growth. So most of their customers are domainers.
The far right people and free speech advocacy, it was just an opportunity that Mr. turn lemons into lemonade CEO took when GAB got kicked out of Godaddy.

Aside from GAB event, don't see where they had the opportunity to attract non-domainer customers. Only us cared about the innovation and landers. For general customers, there's better registrars, with better reputation.

At this very moment I realized the hackers leaked more domainers than nazis.
But at least no researcher will expose us.
Unless you've been registering some very bad domains, then no more warranty.
Like LoveHitler.co
Lol.
 
•••
I also just realized, there we go, made things short.

The hackers said

"Contained with this release.
A decade's worth of company data fron the company.

ALL DOMAIN PURCHASES
ALL TRANSFERS
ALL WHOIS HISTORY
ALL DNS changes

Account credentials for:
ALL EPIK CUSTOMERS, hosting, anonimyze, and so on
Epiks internal systems
Epik's Godaddy logins"


So yes, I say it again, the 110,000 is 100% of epiks customer data. The answer was right there under our nose.
•••
I am not sure number of user accounts but number of domain names registered there, at least at date of this Dofo blog article, was about 880 thousand, making them the 50th on list of registrars.
https://dofo.com/domain/registrars?page=2&page_size=25
Now many have large numbers of domains, so you would expect not as many accounts.
Those figures look like Dofo is adding to the last published ones, Bob,
These are the totals for the last (May 2021) ICANN reports:
All: 653,482
Legacy: 578,633
New gTLDs: 74,849

.COM: 494,019
.NET: 22,259
.ORG: 22,658
.BIZ: 1,930
.INFO: 36,998
.XYZ: 37,412 (Peaked August 2020 at 41,742)

The .COM count peaked at 528,789 for September 2020 (All: 746,030).

The domains under management or "dums" is sometimes used as a metric in the registry/registrars side of the industry.

I have found it hard to follow all the claims, some of which have been written about by members of general press who don't understand certain aspects of whois, expiry, etc., but the number of people impacted would be expected to be higher than number of current users.
It is the Dunning Kruger effect writ large. The key aspects, with the scraped WHOIS records, are the expiry date in those WHOIS records and whether the domain names are still registered. Millions of domain names are not renewed on their first renewal. In terms of sales, Epik was fairly active and it was marketing the new gTLDs even after the Digital Towns thing.

The "registrar" thing gets even more complex when discussing ccTLDs. Claiming Epik is the "registrar" for a number of ccTLDs when it is not an accredited registrar in those ccTLDs is wrong. It is not a registrar in some of the ccTLDs that I've seen mentioned and the registrants may be parking those domain names on Epik for sale. A lot of the coverage doesn't differentiate between Epik being a registrar and Epik being just a hoster.

Regards...jmcc
 
•••
Godaddy 76 million domains, 20 million customers.
About 4 domains per customer.

Namecheap 12 million domains, 2 million customers.
About 6 domains per customer.
These are the top 10 gTLD registrars by count for May 2021:
| GoDaddy.com, LLC | 65,734,606 |
| NameCheap, Inc. | 12,568,285 |
| Tucows Domains Inc. | 10,606,680 |
| Network Solutions, LLC | 6,864,226 |
| Google LLC | 6,407,480 |
| Alibaba Cloud Computing (Beijing) Co., Ltd. | 6,168,054 |
| PDR Ltd. d/b/a PublicDomainRegistry.com | 5,242,927 |
| eNom, LLC | 4,939,971 |
| 1&1 IONOS SE | 4,824,985 |
| GMO Internet, Inc. d/b/a Onamae.com | 4,561,358 |

The problem is that some operations like Godaddy and Newfold Digital have multiple ICANN registrar accreditations. Godaddy bought Uniregistry's registrar business and that's now a Godaddy registrar. Newfold owns Network Solutions and Public Domain Registry. The number of domain names per registrant is a bit obscure. Some registries publish the breakdowns but a lot of them have declined to publish it in the last few years as it could be used to check how many Mom and Pop registrants were active in a TLD. In this respect, not all TLDs are equal and having a high number of domainer and speculative registrations in a TLD is considered a bad thing for a newly launched TLD. Epik has been trying a lot of business ideas over the last ten years (some successful and some not so) but the bulk of registrations are still concentrated on the large registrar operators.

Regards...jmcc
 