alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Kirtaner]

As a clarification, we have determined that you are most likely not trying to impersonate anyone. We can't be certain, as the Wikipedia page in question was created only two days prior to your arrival here by someone you appear to know, and the sources, while numerous, provide limited identifying information or are primary sources.



He's not claiming to be the individual who hacked Epik. He's offering his opinion, just as you are.



Before this gets heated, as a reminder, this is a professional forum, and everyone here is expected to conduct themselves accordingly regardless of their views. You're going to be interacting with a significant number of people who have little to no security experience. We have a policy against deliberate trolling or antagonizing, and although there's been no shortage of people forgetting that policy in this thread, we'd prefer if the issue weren't exacerbated.



While you'll be offered some leniency because you've just arrived, we do ask that you refrain from being condescending.



Indeed, and regardless of whether NamePros staff agrees with your views on the issue at hand, our community does have an expectation that we will remove people who are here purely to antagonize without contributing.



Epik's policies have been argued at great length on NamePros over the course of several years. Everything that could be said has been said, and in a small industry like ours, everyone knows where everyone else stands. There isn't much point in debating it further; you're just creating more work for moderators who have to clean up the mess, and that isn't appreciated.

I will attempt to maintain "professionality" - this is a monumental event which I'm sure you can agree with and such statements are merely to cement where the mindset of Anonymous currently stands. Consider it a closed subject henceforth.

For additional verification I am also moderator of /r/anonymous on Reddit, which was created in 2008.

 

[mr-x]

..
He's not claiming to be the individual who hacked Epik. He's offering his opinion, just as you are.

His motives are clear. He claims to be a founding member of anonymous, wants to act as a spokesperson.

Before this gets heated, as a reminder, this is a professional forum, and everyone here is expected to conduct themselves accordingly regardless of their views. You're going to be interacting with a significant number of people who have little to no security experience. We have a policy against deliberate trolling or antagonizing, and although there's been no shortage of people forgetting that policy in this thread, we'd prefer if the issue weren't exacerbated.

I'm not angry. I don't believe my statements are defamatory or untrue. @Kirtaner claims Anonymous didn't doxx anyone, he is technically correct but the end result is the same.

While you'll be offered some leniency because you've just arrived, we do ask that you refrain from being condescending.

Indeed, and regardless of whether NamePros staff agrees with your views on the issue at hand, our community does have an expectation that we will remove people who are here purely to antagonize without contributing.



Epik's policies have been argued at great length on NamePros over the course of several years. Everything that could be said has been said, and in a small industry like ours, everyone knows where everyone else stands. There isn't much point in debating it further; you're just creating more work for moderators who have to clean up the mess, and that isn't appreciated.

 

[Mr. Hacking]

You can blame Epik for poor management, lax security but not the breach. Epik was hacked by criminals because they hate Rob's politics.

Okay, I'm going to be real with you chief. I'm here as a neutral third party, the largest portion of my experience coming from a Cybersecurity background, especially as it pertains to AppSec.

I don't care about Monster's politics, at all. The root of the issue is that he isn't being held liable for numerous governance and compliance / privacy violations post breach. Any other law abiding company would get held accountable, yet his own clients affected by the breach are solely blaming the parties responsible for the hacks.

While I understand this stance, he did nothing to protect your data. Let's imagine it like a house. He had the opportunity to lock the front door and instead decided to leave it open. The argument is now a matter of, "oh well the criminal shouldn't have broken in".

Sure. That's fine. Does he or does he not hold liability though? A bear minimum observation of tech laws and regulations states that he does. Defending his bad behavior is the pinnacle of Stockholm syndrome and bad faith.

I don't want to fight about politics. Answer the question. Is he liable for damages?

 

[Paul]

this is a monumental event which I'm sure you can agree

It certainly is within the context of our industry. Many of us have accounts at Epik because we have to: as part of the process of buying and selling domain names, it's often necessary have an account at the same registrar where the domain being purchased currently resides. Even people who wouldn't really consider themselves deliberate customers of Epik are going be affected by this.

For additional verification I am also moderator of /r/anonymous on Reddit, which was created in 2008.

As we're aware representation of Anonymous is somewhat contentious, with multiple factions and individuals vying to claim control, we're not in a position to validate that you're a representative. You're free to provide evidence supporting your claim, but it's likely of little consequence here.

He claims to be a founding member of anonymous, wants to act as a spokesperson.

Yes, there is no shortage of people making such claims. Nevertheless, he is new here and may have insight to offer--our community doesn't normally see much input from hacktivists of any sort. It's a new perspective, so please afford him some understanding and respect, at least until he has made his points.

I'm not angry. I don't believe my statements are defamatory or untrue. @Kirtaner claims Anonymous didn't doxx anyone, he is technically correct but the end result is the same.

Like it or not, you're getting a glimpse of a fairly sizable internet subculture, one that certainly appears to be closely linked to the Epik hack. It would be wise to treat this with intrigue rather than disgust regardless of your stance on the issue at hand, as there's knowledge to be gained.

Is he liable for damages?

That's not really a great discussion point. Our industry is plagued by poor security practices, and it's unlikely that Epik is unique in that regard. I've been quite vocal elsewhere in this thread about my disappointment in Epik's security practices, but taking an adversarial stance in this thread isn't going to improve the situation much. It's a petty debate of little consequence when it takes place on small, niche platform like NamePros.

Edit: Typo (s/someone/somewhat/)

 

[mr-x]

We could show you the enormously positive reception to Epik Fail in most MSM comments calling Anonymous heroes to the United States, but your brain would probably short circuit.

My brain is old and tired but I'm not impressed by mains stream media outlets. Fame is fleeting.

Free speech does not equate freedom from consequences and I personally hope there are lessons being learned from this event.

We agree on that. I hope Epik will be a better company.

Don't platform fascists for short-term gain. You will end up with nothing but long-term pain.

My opinion, you're no better than antifa or any other anarchist, fascists group fighting in the street to silence speech you don't agree with. Different tools, same behavior.

 

[Windoms]

1/

2/ @Bravo Mod Team and @Echo Mod Team verified me last night.

As a clarification, we have determined that you are most likely not trying to impersonate anyone. We can't be certain, as the Wikipedia page in question was created only two days prior to your arrival here by someone you appear to know, and the sources, while numerous, provide limited identifying information or are primary sources.

Not being certain you are the real Aubrey Cottle certainly sucks.
Because you might be someone trying to make the real you appear as a fool.

1/ are you free to move? Or are you a wanted man lol
2/ if you are free then you are welcome to provide more proof.

 

[mr-x]

Like it or not, you're getting a glimpse of a fairly sizable internet subculture, one that certainly appears to be closely linked to the Epik hack. It would be wise to treat this with intrigue rather than disgust regardless of your stance on the issue at hand, as there's knowledge to be gained.

I didn't realize I was expressing disgust but I don't approve of the methods.

Back to work.

 

[Windoms]

I didn't realize I was expressing disgust but I don't approve of the methods.

Back to work.

We have a guest, take it easy.
Let him prove his identity first.

 

[Molly White]

As a clarification, we have determined that you are most likely not trying to impersonate anyone. We can't be certain, as the Wikipedia page in question was created only two days prior to your arrival here by someone you appear to know, and the sources, while numerous, provide limited identifying information or are primary sources.

I know Kirtaner about as well as any of you do. When he appeared in Rob Monster's Q&A video I wanted to know who he was, so I did some research, and as I often do, I recorded my research on Wikipedia. We have interacted some on Twitter, as I have with many people who have posted substantially about the Epik breach.

It is straightforward to confirm that the Kirtaner posting here is the ThatNotoriousK who posts on Twitter, and it is also straightforward to confirm that ThatNotoriousK is the same Aubrey Cottle described in various news sources (linked from a Reddit AMA which multiple news outlets have described as legitimate, or a website link from another source confirms the Twitter account). Whether or not you believe the news outlets describing him as a founder of Anonymous did their due diligence is up to you, I suppose, but it is straightforward to draw those links (and since I already did this research when adding the information on Wikimedia projects, I figured I would share).

 

[MasterOfMyDomains]

This dude is the real mccoy. No doubt in my mind. You posted once you dont believe its him. Point made. Who would be stupid enough to come impersonate this man? That would be far stupider than not protecting my sensitive information. I am still searching for 24,000 emails with domain count google doc.

Edited by moderator: Personal attack removed

Not being certain you are the real Aubrey Cottle certainly sucks.
Because you might be someone trying to make the real you appear as a fool.

1/ are you free to move? Or are you a wanted man lol
2/ if you are free then you are welcome to provide more proof.

 

[Kirtaner]

Not being certain you are the real Aubrey Cottle certainly sucks.
Because you might be someone trying to make the real you appear as a fool.

1/ are you free to move? Or are you a wanted man lol
2/ if you are free then you are welcome to provide more proof.

 

[Windoms]

Why did you leak 110,000 people.
Why not 20,000, or 150,000.
?

Edit: Wooops.
Just remembered "anonymous" leaked them. Not you.

Re-edit: im actually confused, are you part of the hack or you're talking as "we are legion" kind of speech.

 

[Molly White]

Why did you leak 110,000 people.
Why not 20,000, or 150,000.
?

Edit: Wooops.
Just remembered "anonymous" leaked them. Not you.

Re-edit: im actually confused, are you part of the hack or you're talking as "we are legion" kind of speech.

I suspect that anyone who was involved in the hack is smart enough not to publicly identify themselves and then admit to a federal crime.

 

[Windoms]

I suspect that anyone who was involved in the hack is smart enough not to publicly identify themselves and then admit to a federal crime.

Makes sense.
But I asked whether he was free or wanted.
Because I was no idea of anonymous organization, structure or ways of working.

Please dont assume we know whats going on on twitter or wherever, most of us, and i mean the majority of us here dont.

So please no abbreviations or alien talk.

 

[Embrand]

Thank you for contributing. I, for one, find it interesting to get a new perspective.

Do you have any advice for someone like me without security expertise when choosing a domain registrar? Because apart from a strong password and using 2FA, I don't know what to look out for.

 

[Windoms]

Thank you for contributing. I, for one, find it interesting to get a new perspective.

Do you have any advice for someone like me without security expertise when choosing a domain registrar? Because apart from a strong password and using 2FA, I don't know what to look out for.

I too don't have any security expertise, nice question, but whatever we say lets steer towards the hack.

I have no tech knowledge all i see is legions live peaking over cantonese firewall laughing at my weak password ready to steal my 3digit cc verification code.
Lol.

 

[DomainNature]

For Info!
The hacked data is a old backup the reason for many non related to Epik accounts, that data is old it gets renewed/replaced and only some crumbles of value remain to hackers. Then hackers take helium and inflate a fairy tale baloon on (Twitter) which explodes with a simple needle leaving some rubber to play with.
Want to be on safe side (?) reissue your CC, it takes only one week for me and you get new numbers which are no longer in the data, that is how old gets renewed, go make a coffe and forget.
P.s. welcome to NP @Dirtaner, people are looking for you, but in your place I would not expose my selfies in a public forum, you never know how many Epik customers live in Canada and may recognize you on the streets.

 

[Paul]

It sounds like you have a lot of confusion to clear up, @Kirtaner. As you do so, please try to be patient and professional.

 

[Future Sensors]

For Info!
The hacked data is a old backup the reason for many non related to Epik accounts, that data is old it gets renewed/replaced and only some crumbles of value remain to hackers. Then hackers take helium and inflate a fairy tale baloon on (Twitter) which explodes with a simple needle leaving some rubber to play with.
Want to be on safe side (?) reissue your CC, it takes only one week for me and you get new numbers which are no longer in the data, that is how old gets renewed, go make a coffe and forget.
P.s. welcome to NP @Dirtaner, people are looking for you, but in your place I would not expose my selfies in a public forum, you never know how many Epik customers live in Canada and may recognize you on the streets.

You are downplaying the impact of this hack, which is not good advice to others.

 

[biggie]

Hi

got email from Escrow.com, basically saying that "due to the epik breach they are advising a resetting of passwords".

imo...

 

[Kirtaner]

For Info!
The hacked data is a old backup the reason for many non related to Epik accounts, that data is old it gets renewed/replaced and only some crumbles of value remain to hackers. Then hackers take helium and inflate a fairy tale baloon on (Twitter) which explodes with a simple needle leaving some rubber to play with.
Want to be on safe side (?) reissue your CC, it takes only one week for me and you get new numbers which are no longer in the data, that is how old gets renewed, go make a coffe and forget.
P.s. welcome to NP @Dirtaner, people are looking for you, but in your place I would not expose my selfies in a public forum, you never know how many Epik customers live in Canada and may recognize you on the streets.

The older, more stale data opens up questions on data privacy regulations. Obviously the red meat to researchers lies within the Epik customer, financial, and registration data itself - with most of the gold being within the Anonymize service decloaking made possible.

The backups argument falls flat on its face when you realize there were active credentials and SSH keys present that granted access to the main Epik network and web application accounts regardless of where they were initially derived. The backup story could even be damage control. Who knows? The support portal was defaced as a response to the breach denial, even.

I am quite aware as to the risks to personal physical safety. There are some truly unhinged people out there. Some of whom belong to groups designated as terrorist organizations in my country.

 

[Molly White]

P.s. welcome to NP @Dirtaner, people are looking for you, but in your place I would not expose my selfies in a public forum, you never know how many Epik customers live in Canada and may recognize you on the streets.

It seems to me it isn't Kirtaner who needs reminding this is a professional forum.

 

[Namersen]

Who doesn't enjoy a little bit of chaos now and then?

I too don't have any security expertise, nice question, but whatever we say lets steer towards the hack.

Any hints or assumptions on the technical aspects of the hack, logistics ect, or do you prefer to focus mainly on the social aspects, motives behind it?
Things like what exploit was most likely used, how long it took to download, was the supposed backup a live database as well or just sql dumps, and so on.

 

[Kirtaner]

Thank you for contributing. I, for one, find it interesting to get a new perspective.

Do you have any advice for someone like me without security expertise when choosing a domain registrar? Because apart from a strong password and using 2FA, I don't know what to look out for.

Research their clientele and the media coverage of their upper management so that you do not end up becoming a victim of shrapnel when something ends up happening.

 

[Windoms]

It seems to me it isn't Kirtaner who needs reminding this is a professional forum.

Yes but whatever comes his way if he deals with it professionally then we're all good.
(I suspect there's stuff coming)