alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Start]

HAHA the way you guys are behaving its hilarious.
Epik is the only one responsible here.
.

No, it's not funny that "researchers" (not actual social scientists, but just computer programmers who specialize in technical issues, and not ethical and societal decisions/analysis) are basically telling people that Epik's customers are mostly neo-nazis, and then publishing a list of all Epik customers.

That is a problem, due to Epik's terrible security, and due to the people publicizing this info and giving the wrong impression (which is being parroted by reporters who don't know better too).

 

[.X.]

I think Anonymize is the default whois info at Epik. But I think the list I saw had actual owners listed. And plenty of them were even people in India, Nigeria, etc. (not exactly a hotbed of neo-nazis!).

And I got some customers to buy domains through Epik years ago, and I don't like that if they kept the domain at Epik (and people often do simply keep a domain where it is... that's how NetworkSolutions still has so many customers), they're now being doxxed and "researchers" are giving people the impression that they're neo-nazis.

I know that they're just regular people.

At least just make it clear to people (on Twitter and elsewhere) that the neo-nazi scum are just a small fraction of Epik's customers. Rob didn't really make his political views known until 2-3 years ago, and Epik has been operating for far longer than that.

Instead, I saw on Twitter that someone asked if Epik's customers were all far-right, and one of the main "research" tweeters replied that there are "some innocent people"... but the vast majority of Epik's customer base are just regular people.

exactly … Regular people using a domain register .. innocent people caught up a personal Hack ..

 

[Jurgen Wolf]

This holywar doesn't matter as of now (after 2 weeks), Epik's toxicity is on maximum regardless of your own lifestyle or desires.
Forget and move on... No other way.

 

[bmugford]

At least just make it clear to people (on Twitter and elsewhere) that the neo-nazi scum are just a small fraction of Epik's customers. Rob didn't really make his political views known until 2-3 years ago, and Epik has been operating for far longer than that.

... but the vast majority of Epik's customer base are just regular people.

Yeah, I agree with that. It was really the New Zealand shooting thing that put Epik on the extreme radar, at least as far as my recollection.

Their actions after that became even more problematic.

If you are just some random domain investor you might not be aware of any of this when it comes to Epik. Not everyone reads domain blogs or participates on domain forums.

Many of the highest domain counts there are just domain investors who likely are there for pricing and might not know about any of the other stuff.

Brad

 

[.X.]

No, it's not funny that "researchers" (not actual social scientists, but just computer programmers who specialize in technical issues, and not ethical and societal decisions/analysis) are basically telling people that Epik's customers are mostly neo-nazis, and then publishing a list of all Epik customers.

That is a problem, due to Epik's terrible security, and due to the people publicizing this info and giving the wrong impression (which is being parroted by reporters who don't know better too).

They use “Independent” … that is the new going fad .. so i use Independent too … Independent Investigator .X.

what happened was .. a Hacker stole our shit .. put it up for download by anyone who wants it .. tons of innocent peoples information and financial information .. I don’t give a fuck about no neo - Nazi .. I am not one of them and neither is the majority of people who got their shit stolen .. our shit was stolen .. that is what happened ..no one authorized anyone to steal our shit .. it was stolen straight up ..

 

[.X.]

Yeah, I agree with that. It was really the New Zealand shooting thing that put Epik on the extreme radar, at least as far as my recollection.

Their actions after that became even more problematic.

If you are just some random domain investor you might not be aware of any of this when it comes to Epik. Not everyone reads domain blogs or participates on domain forums.

Many of the highest domain counts there are just domain investors who likely are there for pricing and might not know about any of the other stuff.

Brad

that has nothing to do with MY shit being stolen .. nor the other innocent people .. you can use not secure or whatever you want .. the Hacker illegally hacked Epik .. he stole all our shit .. now we have other people stealing all our shit ..

 

[The Grinch]

Leftists calling everyone who disagrees with them politically "nazis" or "racists" is very tiresome. Grow up.

I moved all my domains to Epik because they actually honor and support free speech.

I've been very happy with Epik, however, i am very disappointed if its true that they kept and stored all of our Credit card info including CVV unencrypted in plain text.

 

[bmugford]

Leftists calling everyone who disagrees with them politically "nazis" or "racists" is very tiresome. Grow up.

I moved all my domains to Epik because they actually honor and support free speech.

I've been very happy with Epik, however, i am very disappointed if its true that they kept and stored all of our Credit card info including CVV unencrypted in plain text.

Prepare to be very disappointed.

Brad

 

[Molly White]

Not everyone has the technical ability or resources to determine if their data is present in the leak, and I suspect many people who were exposed in this hack appreciate the work being done by those like whoever made that spreadsheet, and Troy Hunt and the other folks we can thank for Have I Been Pwned.

If you want to assign blame, it is reasonable to blame the incredible irresponsibility and/or ineptitude at Epik that resulted in such an enormous amount of data being stored in such a poor way. It might also be reasonable to blame those responsible for exfiltrating the data, though with security and data retention practices like Epik's my only surprise is that it didn't happen sooner. But blaming researchers for reformatting or sharing their findings from widely-available data is frankly ridiculous.

As another poster aptly put it more than a few pages back:

If someone analyses earthquake data and it helps me avoid catastrophe, I wouldn't accuse them of trying to destroy cities or targeting my home.

There is certainly reasonable criticism of reporting on this particular episode, and of reporting on Epik in general—for example, I've seen frequent errors (usually in breaking news) in whether Epik is the registrar for a website or a webhost over the years. And if there are journalists who have written that, numerically, most Epik customers are far-right, then that should be criticized (and corrections submitted). But it seems bizarre to me to fault journalists who have described Epik as a popular choice among far-right groups and individuals, or as a company known to service the same when they have been deplatformed by others. It seems to me that Epik has chosen to make a name for itself and increase its profile through vociferous support of projects like Gab, and Monster's (and other Epik employees') various statements and appearances supporting right-wing individuals. As recently as two months ago they were posting on Gab about rubbing elbows with James O'Keefe, it seems. You're quite right that there are probably customers whose information is in the leak due to domains bought before 2018, and who may not have realized their previously fairly low-profile registrar might suddenly take a public turn to the right, but it seems to me that it is Epik who is responsible for earning this reputation.

Anyway, now that I've responded to the ping and said my piece to the reply I will leave you be—I am cautious of appearing to intrude on your forum uninvited, as I am not a domainer myself. You know where to find me on Twitter if there's anything I can help with, or I will respond to pings here (albeit slowly and often only several pages later, apologies). Thank you again for your active discussion here—though I certainly disagree with many of the opinions expressed, I appreciate those of you willing to provide valuable expertise and insights in a public forum where those of us without the expertise can learn from you. Best of luck and best wishes to all.

 

[Future Sensors]

Anyway, now that I've responded to the ping and said my piece to the reply I will leave you be—I am cautious of appearing to intrude on your forum uninvited, as I am not a domainer myself.

Your contributions are very useful, thanks Molly.

 

[.X.]

Not everyone has the technical ability or resources to determine if their data is present in the leak, and I suspect many people who were exposed in this hack appreciate the work being done by those like whoever made that spreadsheet, and Troy Hunt and the other folks we can thank for Have I Been Pwned.

If you want to assign blame, it is reasonable to blame the incredible irresponsibility and/or ineptitude at Epik that resulted in such an enormous amount of data being stored in such a poor way. It might also be reasonable to blame those responsible for exfiltrating the data, though with security and data retention practices like Epik's my only surprise is that it didn't happen sooner. But blaming researchers for reformatting or sharing their findings from widely-available data is frankly ridiculous.

As another poster aptly put it more than a few pages back:



There is certainly reasonable criticism of reporting on this particular episode, and of reporting on Epik in general—for example, I've seen frequent errors (usually in breaking news) in whether Epik is the registrar for a website or a webhost over the years. And if there are journalists who have written that, numerically, most Epik customers are far-right, then that should be criticized (and corrections submitted). But it seems bizarre to me to fault journalists who have described Epik as a popular choice among far-right groups and individuals, or as a company known to service the same when they have been deplatformed by others. It seems to me that Epik has chosen to make a name for itself and increase its profile through vociferous support of projects like Gab, and Monster's (and other Epik employees') various statements and appearances supporting right-wing individuals. As recently as two months ago they were rubbing elbows with James O'Keefe, it seems. You're quite right that there are probably customers whose information is in the leak due to domains bought before 2018, and who may not have realized their previously fairly low-profile registrar might suddenly take a public turn to the right, but it seems to me that it is Epik who is responsible for earning this reputation.

Anyway, now that I've responded to the ping and said my piece to the reply I will leave you be—I am cautious of appearing to intrude on your forum uninvited, as I am not a domainer myself. You know where to find me on Twitter if there's anything I can help with, or I will respond to pings here (albeit slowly and often only several pages later, apologies). Best of luck and best wishes to all.

Why would I blame Rob Monster or Epik ??? I wouldn’t .. my Data is stolen .. Yes .. I know for sure it is .. I don’t think anything .. I know for a fact my data is stolen .. the Hacker took it upon themself to STEAL and violate thousands of innocent people .. it doesn’t make a damn if Rob left the door wide open .. the hacker is who came in illegally and stole the data .. Now .. we got more fish to fry .. why? Because the hacker put the data up on servers to be downloaded by whom ever wanted to download it .. so not only did the hacker steal the data .. it gave it to the world to have .. so now because of that .. other people are involved in being in possession of stolen data .. pertinent financial Data ..

Edited by moderator: removed antagonizing content

 

[The Grinch]

Best way to not have to worry about keeping data secured is just not storing it to begin with.

Edited by moderator: removed antagonizing content

 

[bmugford]

Why would I blame Rob Monster or Epik ??? I wouldn’t .. my Data is stolen .. Yes .. I know for sure it is .. I don’t think anything .. I know for a fact my data is stolen .. the Hacker took it upon themself to STEAL and violate thousands of innocent people .. it doesn’t make a damn if Rob left the door wide open .. the hacker is who came in illegally and stole the data .. Now .. we got more fish to fry .. why? Because the hacker put the data up on servers to be downloaded by whom ever wanted to download it .. so not only did the hacker steal the data .. it gave it to the world to have .. so now because of that .. other people are involved in being in possession of stolen data .. pertinent financial Data .. so yeah ..

Seriously man? Companies face attempted hacks daily.

There is a bare minimum of security measures required. It is like having a safe deposit box at a bank and them leaving the safe wide open and all the drawers open.

At some point they deserve a large percent of the blame for failing to store and secure the data properly.

Brad

 

[FernandoBMS]

Your contributions are very useful, thanks Molly.

Just to remind you all that information from this thread contesting press claims led to at least two corrections issued by the media about this story. One of them was originally clarified by Molly.

 

[.X.]

Seriously man? Companies face attempted hacks daily.

There is a bare minimum of security measures required. It is like having a safe deposit at a bank and them leaving the safe wide open and all the drawers open.

At some point they deserve a large percent of the blame for failing to store and secure the data properly.

Brad

If the hacker didn’t illegally shred the hell out the place .. we wouldn’t be here talking right now .. it does not matter if Rob left the doors wide open .. if I leave my door unlocked does that give you the right to trespass and open my door ?? NO .. will the police go easy on someone because they took it upon themself … on behalf of “Them” to make an illegal entry and steal everyone’s personal and financial information ?? NO .. it is a crime .. a crime has been committed big time .. stop defending the Hack ..

 

[The Grinch]

Seriously man? Companies face attempted hacks daily.

There is a bare minimum of security measures required. It is like having a safe deposit box at a bank and them leaving the safe wide open and all the drawers open.

At some point they deserve a large percent of the blame for failing to store and secure the data properly.

Brad

they deserve all the blame. There is no excuse for storing data in the way that they did, or at all.

Just got an email from them offering free fraud protection for two years:

"To help protect your identity, we are offering a complimentary 24 month membership of Experian’s® IdentityWorks"

I'll just replace the card I used with them. Not sure what I am going to do when it's time to pay them money again.

I liked them due to their support or free speech, but giving out my personal info is a little TOO FREE.

 

[Start]

Why would I blame Rob Monster or Epik ??? I wouldn’t .. my Data is stolen .. Yes .. I know for sure it is .. I don’t think anything .. I know for a fact my data is stolen .. the Hacker took it upon themself to STEAL and violate thousands of innocent people .. it doesn’t make a damn if Rob left the door wide open .. the hacker is who came in illegally and stole the data .. Now .. we got more fish to fry .. why? Because the hacker put the data up on servers to be downloaded by whom ever wanted to download it .. so not only did the hacker steal the data .. it gave it to the world to have .. so now because of that .. other people are involved in being in possession of stolen data .. pertinent financial Data .. so yeah ..

You're not helping here... Epik is at fault for the terrible security and strangely leaving a backup on a server. That's just a fact.

But the researchers are at fault for giving people the wrong impression, and acting like all of Epik's customers are extremists.

But your posts aren't helping.

 

[Molly White]

do you care to tell me if you are in possession of my stolen information and financials?? ..just asking ..

I am not.

 

[.X.]

You're not helping here... Epik is at fault for the terrible security and strangely leaving a backup on a server. That's just a fact.

But the researchers are at fault for giving people the wrong impression.

But your posts aren't helping.

I am not helping in your opinion .. because I am not agreeing with you .. and I won’t agree with you because it wasn’t Rob Monster who has given my personal and financial data to the whole WORLD now .. it was a Hacker who stole my personal stuff .. not Rob Monster or Epik .. what about all the innocent people ??? Maybe collateral damage to you guys ??? Just asking .. because I can tell you .. being violated and victimized by a criminal .. maybe Criminals now that so many have the data in their hands is NOT Rob Monster or Epik fault ..

 

[Lox]

There are 1 or 2 things that caused it:

1. Misuse of E services or R.B. willingness to absorb contrasting views/opinions by "certain groups and individuals" vocally supporting a new AB law - including rights to sue providers or others who help person get AB.
2. /T/e/x/a/s/ G//O//P// website hosted by E

imo