alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Kirtaner]

Don't let my irreverent nature fool you, I'm here for serious, frank discussions with a bit of whimsy thrown in.

I'm sure everyone here has many questions I could assist with.

I've been discussed in this thread already. Figured it would be nice to come have a little chat.

 

[Derek Peterson]

Don't let my irreverent nature fool you, I'm here for serious, frank discussions with a bit of whimsy thrown in.

I'm sure everyone here has many questions I could assist with.

I've been discussed in this thread already. Figured it would be nice to come have a little chat.

1) Looks like your account on Twitter got suspended. Have you created a new account to release updates?

2) In the data have you seen anything related to conversations between epik staff or the Monster himself and the FBI or other law enforcement? I have only seen 2, and they both are related to subpoenas. (see attachments)

 

[carob]

If you want to assign blame, it is reasonable to blame the incredible irresponsibility and/or ineptitude at Epik that resulted in such an enormous amount of data being stored in such a poor way. It might also be reasonable to blame those responsible for exfiltrating the data, though with security and data retention practices like Epik's my only surprise is that it didn't happen sooner.

It's entirely possible that data was always exiting Epik through the back door, due to incompetence, by design, or due to collusion or cooperation. The public release by recent hackers may actually have ruined others longstanding and ongoing discreet access to Epik data.

Surprised no one has mentioned the word Kompromat yet - sometimes behind the scenes pressures force behaviour.

 

[carob]

Esquire article 27 Sept
https://www.esquire.com/news-politics/politics/a37754550/epik-hack-anonymous-right-wing-hate-groups/

 

[Windoms]

Don't let my irreverent nature fool you, I'm here for serious, frank discussions with a bit of whimsy thrown in.

I'm sure everyone here has many questions I could assist with.

I've been discussed in this thread already. Figured it would be nice to come have a little chat.

1/ who are you, why are you relevant to this thread, sorry but I have no idea.
2/ whoever you are claiming to be, can you prove it. I too could make using your name and picture.

Thanks

 

[Windoms]

that has nothing to do with MY shit being stolen .. nor the other innocent people .. you can use not secure or whatever you want .. the Hacker illegally hacked Epik .. he stole all our shit .. now we have other people stealing all our shit ..

Dont keep bad company.
Valid for Rob for messing with these groups.
Valid for epik for having Rob as CEO.
Valid for us for messing with epik.

I learnt my lesson.
Dont deal with messy companies.

 

[mr-x]

...

If you want to assign blame, it is reasonable to blame the incredible irresponsibility and/or ineptitude at Epik

You can blame Epik for poor management, lax security but not the breach. Epik was hacked by criminals because they hate Rob's politics.

 

[mr-x]

Facebook, twitter, Instagram, every other major social media service deals with these problems. Weird you select one company to cry about, especially when FB has a notorious reputation for sex trafficking.

You seem obsessed and irrational.

Another issue that is beginning to surface as the EPIK data leaks are reviewed is EPIK's involvement with lolicon (drawn, sexually explicit images of children) and actual child pornography. I have been fighting with Monster about this for many years and I am glad to see it is finally coming back to expose him for the things he has been doing.

It started with Gab, the coat tails Mr Monster was trying to ride to popularity. Gab's main business model was selling lolicon and actual CP behind paywalls. That is the real reason they were cancelled by stripe (see attachments). I spoke with Mr Monster about this when he first took over domain hosting for Gab (2018). He called me a liar so I sent him several emails with many links to examples and even made a video. He then demanded I take down the video or else, of course I did not comply. He was far more concerned with making Gab look good and be a big deal so that he would look good and be a big deal, he not only didn't care about the ILLEGAL pornography but he attacked actual Christians, me, who were exposing it. (*I never requested that Rob stop hosting Gab, I just said he should not promote them and defend by telling things he knew were not true. It was very frustrating for me.)

Here is the video I made in 2018 exposing the lolicon on Gab.

After gab was kicked off microsoft hosting they moved to a hosting provider called Sybil. Sybil was literally just 2 teenage boys with a couple racked servers hosting lolicon and real CP. Mr Monster purchased them shortly thereafter for a very small amount. Sybil's total revenues were about $2,500/month and half of that was gab hosting. I know this because Rob told me directly and sent me an email with all of Sybil's financials before he purchased them.

Mr Monster helped cover up a huge lolicon distribution network for many years because he wanted to be famous and get rich and, from what seems to be coming out as a result of the leaks, he was even profiting from such things directly.

Also, as further proof of Mr Monster's corruption, he also helped cover up Gab's actual user numbers because he wanted Gab to be a bigger deal than it actually was.

When Gab raised a couple million dollars from crowdfunding they were claiming to have a million users when in reality they only had a couple thousand. Rob knew this because he ran their hosting but again he threatened and demeaned me and helped Torba commit fraud.

You actually think the CEO of Epik keeps track of membership numbers for his customers websites?

 

[mr-x]

There's no need to delete my posts. Like I said.

I'm here as an ambassador,.

You're here to gloat and enjoy the chaos. You didn't just attack Epik, you exposed / doxxed thousands of people.

 

[Kirtaner]

1/ who are you, why are you relevant to this thread, sorry but I have no idea.
2/ whoever you are claiming to be, can you prove it. I too could make using your name and picture.

Thanks

1/

2/ @Bravo Mod Team and @Echo Mod Team verified me last night.

 

[Kirtaner]

1) Looks like your account on Twitter got suspended. Have you created a new account to release updates?

2) In the data have you seen anything related to conversations between epik staff or the Monster himself and the FBI or other law enforcement? I have only seen 2, and they both are related to subpoenas. (see attachments)

I did not operate Epik Fail Data Leaks.

A cursory grep of the dump supposedly only reveals those two tickets, but there may be more under other keywords. I should ask if anyone has searched for NSL/National Security Letter/Gag Order.

 

[Kirtaner]

You're here to gloat and enjoy the chaos. You didn't just attack Epik, you exposed / doxxed thousands of people.

Who doesn't enjoy a little bit of chaos now and then?

And, you seem to be mistaken here - Anonymous exposed people.

 

[mr-x]

Who doesn't enjoy a little bit of chaos now and then?

And, you seem to be mistaken here - Anonymous exposed people.

You're not a hero.

 

[Kirtaner]

You're not a hero.

We could show you the enormously positive reception to Epik Fail in most MSM comments calling Anonymous heroes to the United States, but your brain would probably short circuit.

Free speech does not equate freedom from consequences and I personally hope there are lessons being learned from this event.

Don't platform fascists for short-term gain. You will end up with nothing but long-term pain.

 

[Paul]

2/ @Bravo Mod Team and @Echo Mod Team verified me last night.

As a clarification, we have determined that you are most likely not trying to impersonate anyone. We can't be certain, as the Wikipedia page in question was created only two days prior to your arrival here by someone you appear to know, and the sources, while numerous, provide limited identifying information or are primary sources.

You're not a hero.

He's not claiming to be the individual who hacked Epik. He's offering his opinion, just as you are.

Who doesn't enjoy a little bit of chaos now and then?

Before this gets heated, as a reminder, this is a professional forum, and everyone here is expected to conduct themselves accordingly regardless of their views. You're going to be interacting with a significant number of people who have little to no security experience. We have a policy against deliberate trolling or antagonizing, and although there's been no shortage of people forgetting that policy in this thread, we'd prefer if the issue weren't exacerbated.

We could show you the enormously positive reception to Epik Fail in most MSM comments calling Anonymous heroes to the United States, but your brain would probably short circuit.

While you'll be offered some leniency because you've just arrived, we do ask that you refrain from being condescending.

Free speech does not equate freedom from consequences and I personally hope there are lessons being learned from this event.

Indeed, and regardless of whether NamePros staff agrees with your views on the issue at hand, our community does have an expectation that we will remove people who are here purely to antagonize without contributing.

Don't platform fascists for short-term gain. You will end up with nothing but long-term pain.

Epik's policies have been argued at great length on NamePros over the course of several years. Everything that could be said has been said, and in a small industry like ours, everyone knows where everyone else stands. There isn't much point in debating it further; you're just creating more work for moderators who have to clean up the mess, and that isn't appreciated.

 

[Kirtaner]

As a clarification, we have determined that you are most likely not trying to impersonate anyone. We can't be certain, as the Wikipedia page in question was created only two days prior to your arrival here by someone you appear to know, and the sources, while numerous, provide limited identifying information or are primary sources.



He's not claiming to be the individual who hacked Epik. He's offering his opinion, just as you are.



Before this gets heated, as a reminder, this is a professional forum, and everyone here is expected to conduct themselves accordingly regardless of their views. You're going to be interacting with a significant number of people who have little to no security experience. We have a policy against deliberate trolling or antagonizing, and although there's been no shortage of people forgetting that policy in this thread, we'd prefer if the issue weren't exacerbated.



While you'll be offered some leniency because you've just arrived, we do ask that you refrain from being condescending.



Indeed, and regardless of whether NamePros staff agrees with your views on the issue at hand, our community does have an expectation that we will remove people who are here purely to antagonize without contributing.



Epik's policies have been argued at great length on NamePros over the course of several years. Everything that could be said has been said, and in a small industry like ours, everyone knows where everyone else stands. There isn't much point in debating it further; you're just creating more work for moderators who have to clean up the mess, and that isn't appreciated.

I will attempt to maintain "professionality" - this is a monumental event which I'm sure you can agree with and such statements are merely to cement where the mindset of Anonymous currently stands. Consider it a closed subject henceforth.

For additional verification I am also moderator of /r/anonymous on Reddit, which was created in 2008.

 

[mr-x]

..
He's not claiming to be the individual who hacked Epik. He's offering his opinion, just as you are.

His motives are clear. He claims to be a founding member of anonymous, wants to act as a spokesperson.

Before this gets heated, as a reminder, this is a professional forum, and everyone here is expected to conduct themselves accordingly regardless of their views. You're going to be interacting with a significant number of people who have little to no security experience. We have a policy against deliberate trolling or antagonizing, and although there's been no shortage of people forgetting that policy in this thread, we'd prefer if the issue weren't exacerbated.

I'm not angry. I don't believe my statements are defamatory or untrue. @Kirtaner claims Anonymous didn't doxx anyone, he is technically correct but the end result is the same.

While you'll be offered some leniency because you've just arrived, we do ask that you refrain from being condescending.

Indeed, and regardless of whether NamePros staff agrees with your views on the issue at hand, our community does have an expectation that we will remove people who are here purely to antagonize without contributing.



Epik's policies have been argued at great length on NamePros over the course of several years. Everything that could be said has been said, and in a small industry like ours, everyone knows where everyone else stands. There isn't much point in debating it further; you're just creating more work for moderators who have to clean up the mess, and that isn't appreciated.

 

[Mr. Hacking]

You can blame Epik for poor management, lax security but not the breach. Epik was hacked by criminals because they hate Rob's politics.

Okay, I'm going to be real with you chief. I'm here as a neutral third party, the largest portion of my experience coming from a Cybersecurity background, especially as it pertains to AppSec.

I don't care about Monster's politics, at all. The root of the issue is that he isn't being held liable for numerous governance and compliance / privacy violations post breach. Any other law abiding company would get held accountable, yet his own clients affected by the breach are solely blaming the parties responsible for the hacks.

While I understand this stance, he did nothing to protect your data. Let's imagine it like a house. He had the opportunity to lock the front door and instead decided to leave it open. The argument is now a matter of, "oh well the criminal shouldn't have broken in".

Sure. That's fine. Does he or does he not hold liability though? A bear minimum observation of tech laws and regulations states that he does. Defending his bad behavior is the pinnacle of Stockholm syndrome and bad faith.

I don't want to fight about politics. Answer the question. Is he liable for damages?

 

[Paul]

this is a monumental event which I'm sure you can agree

It certainly is within the context of our industry. Many of us have accounts at Epik because we have to: as part of the process of buying and selling domain names, it's often necessary have an account at the same registrar where the domain being purchased currently resides. Even people who wouldn't really consider themselves deliberate customers of Epik are going be affected by this.

For additional verification I am also moderator of /r/anonymous on Reddit, which was created in 2008.

As we're aware representation of Anonymous is somewhat contentious, with multiple factions and individuals vying to claim control, we're not in a position to validate that you're a representative. You're free to provide evidence supporting your claim, but it's likely of little consequence here.

He claims to be a founding member of anonymous, wants to act as a spokesperson.

Yes, there is no shortage of people making such claims. Nevertheless, he is new here and may have insight to offer--our community doesn't normally see much input from hacktivists of any sort. It's a new perspective, so please afford him some understanding and respect, at least until he has made his points.

I'm not angry. I don't believe my statements are defamatory or untrue. @Kirtaner claims Anonymous didn't doxx anyone, he is technically correct but the end result is the same.

Like it or not, you're getting a glimpse of a fairly sizable internet subculture, one that certainly appears to be closely linked to the Epik hack. It would be wise to treat this with intrigue rather than disgust regardless of your stance on the issue at hand, as there's knowledge to be gained.

Is he liable for damages?

That's not really a great discussion point. Our industry is plagued by poor security practices, and it's unlikely that Epik is unique in that regard. I've been quite vocal elsewhere in this thread about my disappointment in Epik's security practices, but taking an adversarial stance in this thread isn't going to improve the situation much. It's a petty debate of little consequence when it takes place on small, niche platform like NamePros.

Edit: Typo (s/someone/somewhat/)

 

[mr-x]

We could show you the enormously positive reception to Epik Fail in most MSM comments calling Anonymous heroes to the United States, but your brain would probably short circuit.

My brain is old and tired but I'm not impressed by mains stream media outlets. Fame is fleeting.

Free speech does not equate freedom from consequences and I personally hope there are lessons being learned from this event.

We agree on that. I hope Epik will be a better company.

Don't platform fascists for short-term gain. You will end up with nothing but long-term pain.

My opinion, you're no better than antifa or any other anarchist, fascists group fighting in the street to silence speech you don't agree with. Different tools, same behavior.