alert Epik Had A Major Breach

DaveX

The views expressed on this page by users and staff are their own, not those of NamePros.
So,
I have a Microsoft account that I created using the same email as my Epik account (Gmail). You can create a Microsoft account using a Gmail email address as your login.
That Microsoft account will give you access to all services including email, Skype, etc.

I used my super cautious Gmail email that I use only on very trusted services, I have 0 spam emails, I use secondary emails for other websites. On haveibeenpwned, the only breach is Epik's.

1 hour ago, someone logged in to that Microsoft account using my Gmail email. I just received a notice from Microsoft (unusual login activity).

Had completely forgotten about that microsoft account, hopefully it was empty, just changed password.

Go through your emails, and find all services where you've signed up.
People are scraping hard.
 
7
•••
On haveibeenpwned, the only breach is Epik's.

Not all breaches are public or make it to HIBP (Have I Been Pwned), so while it's possible it was a result of the Epik breach, it's difficult to know for certain unless it affects more people.

Also, Troy Hunt, founder of HIBP, opted to include email addresses that appeared in the leak in the form of WHOIS entries from other registrars. His site won't specify what information was included; appearance in the leak does not necessarily mean that your password at Epik was compromised, or even that you ever had an account there.

Edit: That being said, any passwords in public leaks do eventually find their way into credential stuffing combo lists. You should certainly change your passwords if you have entered them into Epik's website, as the leak does appear to contain failed password attempts.
 
4
•••
I'm surprised by how easy it was to get my bank card (one used on Epik) replaced, just called bank, they printed me a new card/number and I picked it up minutes later.

I assumed it was going to be a huge hassle of not being able to use Debit, and wait weeks for a new card.

Hopefully Epik stops storing such info, and actually uses some sort of encryption so this issue doesn't happen again.
 
0
•••
I'm surprised by how easy it was to get my bank card (one used on Epik) replaced, just called bank, they printed me a new card/number and I picked it up minutes later.

Banks are accustomed to this. It's usually a lot easier to replace cards before they're misused rather than after.
 
5
•••
As I watched Rob Monster in the "prayer meeting" for four hours I didn't see the apology and remorse that I was genuinely expecting to see. I saw a man that's highly skilled at "grooming", "manipulating" and "coercing" people, and came away with the impression that he usually gets away with it.

I don't see a "good" Christian, I see a dishonest liar and manipulator that I could never trust.

Yes, you saw clearly. Your word choices are on the money. Not a good look for Christianity.
 
2
•••
Not all breaches are public or make it to HIBP (Have I Been Pwned), so while it's possible it was a result of the Epik breach, it's difficult to know for certain unless it affects more people.

Also, Troy Hunt, founder of HIBP, opted to include email addresses that appeared in the leak in the form of WHOIS entries from other registrars. His site won't specify what information was included; appearance in the leak does not necessarily mean that your password at Epik was compromised, or even that you ever had an account there.

Edit: That being said, any passwords in public leaks do eventually find their way into credential stuffing combo lists. You should certainly change your passwords if you have entered them into Epik's website, as the leak does appear to contain failed password attempts.
I don't even use that email for communication.
Neither for namepros, or paypal.
A big, absolute 0 spam emails.
It's clean.
99.9% chance login was from this breach.

appearance in the leak does not necessarily mean that your password at Epik was compromised, or even that you ever had an account there.
If you had an account there, your password was exposed.
Hackers said in the initial press release that included was
"account credentials for all epik customers, hosting, anonymize, VPN, and so on".
 
0
•••
Let me ask you this, since you think people shouldn't worry too much. Do you think E will survive this as a registrar? Will they be able to come back from this? Don't mind the leaked PII, sales data, CC records, whatever. If E goes down, having a big portfolio over there is gonna hurt your business. If using E is part of your 'business model' you will be suffering. I already noticed some small portfolio holders having a hard time because of this, unloading, transferring....

So much for creating abundance.

Thanks for your professional response,

Whether Epik can survive this situation or not is something that we have to wait and see,

But, I haven't seen too many people that are willing to provide any constructive advice towards saving Epik as a Company.

As I have mentioned before everyone has to decide what the goal is here:

Is it to Destroy

or

Is it to Reform

If the goal is to Destroy then I think that this thread is right on track (although it reminds me of some of those nature documentaries that I see on TV where a pack of wolves relentlessly and ruthlessly tries to bring down a big buffalo).

But, if the goal is to Reform Epik then we need to see more impartial and constructive posts (advice) from the members here.

To Reform Epik it might be a good idea to start with getting a few non ideological people that are more business minded at the top in the board of directors while trying to simultaneously come up with some immediate plans for overhauling and upgrading all the security procedures and practices at all levels.

Also if Epik wants to continue to promote Free Speech by giving the fringe and extremist groups an opportunity to express themselves then they have to do that equally across the board for everyone and not just cater to certain racist groups and they also should draw some red lines in order to prevent anyone from using the Epik platform to bring harm to others or to the society and humanity at large.

IMO
 
2
•••
Not all breaches are public or make it to HIBP (Have I Been Pwned), so while it's possible it was a result of the Epik breach, it's difficult to know for certain unless it affects more people.

Also, Troy Hunt, founder of HIBP, opted to include email addresses that appeared in the leak in the form of WHOIS entries from other registrars. His site won't specify what information was included; appearance in the leak does not necessarily mean that your password at Epik was compromised, or even that you ever had an account there.

Edit: That being said, any passwords in public leaks do eventually find their way into credential stuffing combo lists. You should certainly change your passwords if you have entered them into Epik's website, as the leak does appear to contain failed password attempts.

Just for clarification, Troy created a Twitter poll and asked the HIBP community to vote on whether to include the breach, because there was so much scraped WHOIS data.

I can't post links but it's easy enough to find if you search Troy Hunt's timeline for Epik and WHOIS.
 
8
•••
Hello @Rob Monster

Proper post-mortem and IH procedures are not just about the technical side of things.

A short (but substantive) update would be most welcome. As mentioned, regaining trust has to start somewhere. The email to Paul may have been a bit unfortunate. This professional domain name forum where you've been a very active participant for years seems like a good place to set things straight. It is clear that there are a lot of questions among the media and customers. Every day new things are added. See this as an opportunity where you can easily reach a large target group, since everything discussed here is also picked up by other media.
 
9
•••
Epik's modus operandi for dealing with criticism has been to harass, try to defame and doxx its critics. This is not an opinion, it is a well-documented fact. Now that it has become impossible to deny certain facts and the volume of criticism has increased a lot, what is left for them is to say that your immortal soul is at risk if you say anything negative about them.

It would be funny if it wasn't sad.
 
5
•••
Just for clarification, Troy created a Twitter poll and asked the HIBP community to vote on whether to include the breach, because there was so much scraped WHOIS data.

I can't post links but it's easy enough to find if you search Troy Hunt's timeline for Epik and WHOIS.

Thanks for the update, here's the tweet.

Troy Hunt on Twitter: "Processing the Epik breach and there's *lots* of email addresses taken from other places, for example stored copies of WHOIS records. If your address is in there - even if you didn't subscribe to the service - do you want @haveibeenpwned to notify you that they have your address?" / Twitter
 
4
•••
Thanks for your professional response,

Whether Epik can survive this situation or not is something that we have to wait and see,

But, I haven't seen too many people that are willing to provide any constructive advice towards saving Epik as a Company.

As I have mentioned before everyone has to decide what the goal is here:

Is it to Destroy

or

Is it to Reform

If the goal is to Destroy then I think that this thread is right on track (although it reminds me of some of those nature documentaries that I see on TV where a pack of wolves relentlessly and ruthlessly tries to bring down a big buffalo).

But, if the goal is to Reform Epik then we need to see more impartial and constructive posts (advice) from the members here.

To Reform Epik it might be a good idea to start with getting a few non ideological people that are more business minded at the top in the board of directors while trying to simultaneously come up with some immediate plans for overhauling and upgrading all the security procedures and practices at all levels.

Also if Epik wants to continue to promote Free Speech by giving the fringe and extremist groups an opportunity to express themselves then they have to do that equally across the board for everyone and not just cater to certain racist groups and they also should draw some red lines in order to prevent anyone from using the Epik platform to bring harm to others or to the society and humanity at large.

IMO

This is just completely irrelevant in my view. It is a very odd position to take.

Why would it be my responsibility, or anyone else's, to help save a company?
The free market will make that decision.

It is also at a point where we don't have real clarity on much. We do know from experts analyzing the way Epik handled data, that it was almost universally believed to be lax and unacceptable.

The ball is in Epik's court to save their own company via their actions. It is no one else's responsibility.

I don't think their actions so far have been real helpful to their cause.

Brad
 
10
•••
CBS News, 29 sep. 2021

"The hacking group known as Anonymous is behind the massive data breach that exposed the identity of users on the Epik platform, which is popular with some far-right extremist groups. CBSN tech reporter Dan Patterson joins CBSN AM with the latest."


 
7
•••
This is a note written to your highest self.

 
19
•••
This hack (rightfully or wrongfully *) has been more about exposing information regarding some of the far right groups rather than trying to take anyone's domains.

1) Anonymous doesn't care who they hurt.

2) They are anarchists, that is their motive.

3) They are criminals in the worst sense. You can argue E. Snowden or CPL. Manning acted on principle. They exposed wrongdoing by our Gov.

Anonymous hurts people. Period. They helped no-one.

* The only way that the hackers can justify their actions as being hacktivists is if they also expose some of the shortcomings and injustices in the far left, otherwise they are just being used as political tools and pawns by those who want to bring down their opposition in any which way that they can.

Disclaimer: I am not associated or affiliated with anyone. These are my opinions as a neutral and impartial observer.

IMO



egos with no morals.
 
3
•••
Has anyone other than Escrow.com reset passwords or taken any other security measures based on this Epik breach?

 
0
•••
As was pointed out in this thread numerous times before, not only passwords, but the leaked email(s) itself should be replaced everywhere.

Domain theft is a major problem. Your email, be it account email @ another registrar or domain whois mail with or without whois privacy, is the first step to locate the victim (account, domains, security questions) and/or to start hacking work. Saying nothing about extra info, such as epik-regged domains you transferred away before. Even if you are still the only person accessing your email (different passwords used for epik and for email) - do yourself a favor and change the email.

Are security questions/answers required by a registrar or marketplace? Favorite color? Use random answers (different in each case).

Use different emails for each critical service. Have a lot of domains with "Registrar X" (not Epik?)? Start using a unique email with them, do not enter this email anywhere else, use it for communications with this registrar only.

I do not own sex .com or other million dollar domains - but in my domaining career I still saw extremely sophisticated attempts to access my accounts, obtain PII including possible answers to security questions using social engineering, etc, etc.

Is your epik leaked email also snapnames/namejet/dropcatch whois email, or account email? Replace it. Do not forget to visit netsol, mydomain, bigrock, moniker, register .com and all other registrars you have an account with (as a result of snapnames-namejet old purchases). Replace account emails with them as well. Those accounts are permanently linked to snapnames or namejet. Sometimes, all existing domains will then be locked for 60 days (definitely the case @ netsol) - let it be so. NetSol now has a new interface, where the "billing" domain contact is almost invisible. Check billing contact email using an "old" link: https://www.networksolutions.com/manage-it/billing-info.jsp , as you will possibly need to update email at this section separately.

Be paranoid. It would not harm.
 
3
•••