Epik Had A Major Breach

The views expressed on this page by users and staff are their own, not those of NamePros.
As a security professional you should know better than to make such a general statement.

It was not a general statement.

The majority of the domains in any given portfolio are of average value and quality which really no one (not even the hackers) is going to go through the trouble to take.

I am not in a position to assess the value of anyone's portfolio. My statement was with regards to the risk to domains--whether that risk is applicable or tolerable to any individual is not something I can determine. I was asked a specific question and provided a specific answer.

As far as the innocent business clients go who have a domain or two that they use for their websites it seems that the hackers have taken some precautions to keep those people safe and anyone else who might gain access to their info is probably not going to mess with them as interfering with other people’s business is a major crime.

I addressed this by excluding people who feel they can trust the hackers.

So it seems that most people should worry more about losing their personal info than losing any domains.

The question to which I was responding was about domains, not personal info. The risk to personal info has been addressed elsewhere in this thread.

So in my opinion domainers should not worry as much about losing their domains because the majority of those domains are not worth the trouble for anyone to try to take.

That is not for me to determine. I can only speak to the risk to the domains.

This hack (rightfully or wrongfully *) has been more about exposing information regarding some of the far right groups rather than trying to take anyone’s domains.

That appears to be what the hackers stated. Whether you trust them to be honest is up to you.
 
•••
Do you think E will survive this as a registrar?

Even if they survive "this", will they survive the "next one" and the one after that?

Even the most resilient people don't psychologically handle repeat attacks well at all, eventually most customers will conclude "enough is enough" and leave. A certain group of people will stay, but ultimately they'll be forced to leave when the business runs out of resources.

Not just customers, staff too.

Employees don't want to be associated with massive failures like this that are all over the news, and they're currently discovering a lot of stuff about their employer that they were probably oblivious to.

The level of impact these attacks will have on employees largely depends on culture, where they actually live and their family circumstances. Regardless, they'll likely be "very worried" about their future at best, which will lead to them keeping an eye out for other opportunities.

I believe the threat will persist, it isn't over yet in my opinion.
 
•••
Dear Paul,

This is a note written to your highest self.

First of all, I want to acknowledge that NamePros as a community is fundamentally a force for good where industry participants have an opportunity to learn from each other and overcome challenges as they arise. I am thankful that it exists.

My reason for acquiring DNF earlier this year was not because I want to be in the forum business. I don’t. Rather it was because of what I observed to be a systematic anti-Epik bias. This troubled me and the situation at NP did not improve.

As for the most recent hack incident, we are certainly learning from it. You likely heard that we secured significant investment funding. We have not announced the full extent of the hiring and acquisitions but suffice it to say, we have been upgrading.

Already before this investment, Epik was moving swiftly to bring new innovations to the industry. Although we are not without our blind spots or shortcomings, the progress of maturing as a company was well under way.

The hack incident is relatively understood. We know who did it, how they did it, and when they did it. We also have a pretty good idea of why they did it and for whose benefit.

As I review the latest NP thread, what I find most troubling is that you are actively participating in what looks to be a concerted effort to defame and undermine Epik. In all sincerity, and in the spirit of “love thy neighbor”, this is not a good look for you.

Your name is Paul — the namesake of the man who was once Saul of Tarsus. Whoever named you likely had some awareness of Paul. It is a Biblical name. As Bible characters go, Paul is a personal favorite as he embodies the optimistic view on man’s journey.

So, why am I telling you this? Because the choices you are making will have consequences.

Epik will not perish. Our compliance team is following best practices. Our insurance coverage is ample. Our team is solid. Our domains under management continues to grow. And lastly, and most importantly, because God is on the throne.

My encouragement to you is to view your current actions and choices through an eternal lens. If souls are eternal, as I am quite sure they are, then even a $1 million “Epik Fail” bounty would not be worth it if it factored materially in your eternal path.

Finally, as I believe there are many folks who are likely damning themselves with false testimony, I would encourage a time slot that allows forum thread commenters the opportunity to go back and redact any false testimony before it is memorialized for consequence.

Regards,
Rob

Edit:

My reply:
Have I made any incorrect statements of fact? If so, please enumerate them.

His response:
Paul,

This was not a legal letter. Perhaps you have decided to make it one but please know that the note I wrote was written to your eternal soul.

Regards,
Rob

WOW! Not only is Paul's laptop in danger of hell fire from Rob's original curse because he has seen the data but now Mr Monster is cursing Paul's eternal soul for simply telling the truth.

This is a little off topic but as Fundy, Bible believing, born-again Christian I feel compelled to say that this is not the way Christians should behave. Rob Monster is not God. He has no power to curse anyone and the fact that he is threatening people with legal action (albeit subtly) and even trying to manipulate them using Christianity is just wrong, especially considering he is doing all these things to cover up truth, truth that is being told because others are more concerned for his customers than he is. Rob is the one who should be concerned about his "eternal soul".

Also, this behavior is nothing new for Mr Monster. He has threatened to sue me and others at least a half dozen times, demanded I take down videos exposing Gab, tried to get me banned from about every platform we have interacted and is constantly trying to manipulate using Christianity, which I am admittedly susceptible to but not any more with Mr Rob Monster. My hope for him is gone.

IMHO no one should ever trust Rob Monster again, not with their data, not with their domains and certainly not with anything pertaining to their eternal soul. He is not an honest man and he uses Christianity to control others and get power over them so he can take the things he wants. I have seen pastors and others in power with the same spirit and it always ends in abuse. Only after he sincerely repents and proves himself for several years serving others should anyone even consider trusting him again.
 
•••
WOW! Not only is Paul's laptop in danger of hell fire from Rob's original curse because he has seen the data but now Mr Monster is cursing Paul's eternal soul for simply telling the truth.

This is a little off topic but as Fundy, Bible believing, born-again Christian I feel compelled to say that this is not the way Christians should behave. Rob Monster is not God. He has no power to curse anyone and the fact that he is threatening people with legal action (albeit subtly) and even trying to manipulate them using Christianity is just wrong, especially considering he is doing all these things to cover up truth, truth that is being told because others are more concerned for his customers than he is. Rob is the one who should be concerned about his "eternal soul".

Also, this behavior is nothing new for Mr Monster. He has threatened to sue me and others at least a half dozen times, demanded I take down videos exposing Gab, tried to get me banned from about every platform we have interacted and is constantly trying to manipulate using Christianity, which I am admittedly susceptible to but not any more with Mr Rob Monster. My hope for him is gone.

IMHO no one should ever trust Rob Monster again, not with their data, not with their domains and certainly not with anything pertaining to their eternal soul. He is not an honest man and he uses Christianity to control others and get power over them so he can take the things he wants. I have seen pastors and others in power with the same spirit and it always ends in abuse. Only after he sincerely repents and proves himself for several years serving others should anyone even consider trusting him again.

As I watched Rob Monster in the "prayer meeting" for four hours I didn't see the apology and remorse that I was genuinely expecting to see. I saw a man that's highly skilled at "grooming", "manipulating" and "coercing" people, and came away with the impression that he usually gets away with it.

I don't see a "good" Christian, I see a dishonest liar and manipulator that I could never trust.
 
•••
So,
I have a microsoft account that I created using the same email as my epik account (gmail). You can create a microsoft account using a gmail email address as your login.
That microsoft account will give you access to all services including email, skype, etc..

I used my super cautious gmail email that I only use on very trusted services, I have 0 spam emails, I use secondary emails for other websites. On haveibeenpwned, the only breach is epik's.

1 hour ago, someone logged in that microsoft account using my gmail email. I just received a notice from microsoft (unusual login activity).

Had completely forgotten about that microsoft account, hopefully it was empty, just changed password.

Go through your emails, and find all services where you've signed up.
People are scraping hard.
 
•••
On haveibeenpwned, the only breach is epik's.

Not all breaches are public or make it to HIBP (Have I Been Pwned), so while it's possible it was a result of the Epik breach, it's difficult to know for certain unless it affects more people.

Also, Troy Hunt, founder of HIBP, opted to include email addresses that appeared in the leak in the form of WHOIS entries from other registrars. His site won't specify what information was included; appearance in the leak does not necessarily mean that your password at Epik was compromised, or even that you ever had an account there.

Edit: That being said, any passwords in public leaks do eventually find their way into credential stuffing combo lists. You should certainly change your passwords if you have entered them into Epik's website, as the leak does appear to contain failed password attempts.
 
•••
I'm surprised by how easy it was to get my bank card (one used on Epik) replaced, just called bank, they printed me a new card/number and I picked it up minutes later.

I assumed it was going to be a huge hassle of not being able to use Debit, and wait weeks for a new card.

Hopefully Epik stops storing such info, and actually uses some sort of encryption so this issue doesn't happen again.
 
•••
I'm surprised by how easy it was to get my bank card (one used on Epik) replaced, just called bank, they printed me a new card/number and I picked it up minutes later.

Banks are accustomed to this. It's usually a lot easier to replace cards before they're misused rather than after.
 
•••
As I watched Rob Monster in the "prayer meeting" for four hours I didn't see the apology and remorse that I was genuinely expecting to see. I saw a man that's highly skilled at "grooming", "manipulating" and "coercing" people, and came away with the impression that he usually gets away with it.

I don't see a "good" Christian, I see a dishonest liar and manipulator that I could never trust.

Yes, you saw clearly. Your word choices are on the money. Not a good look for Christianity.
 
•••
Not all breaches are public or make it to HIBP (Have I Been Pwned), so while it's possible it was a result of the Epik breach, it's difficult to know for certain unless it affects more people.

Also, Troy Hunt, founder of HIBP, opted to include email addresses that appeared in the leak in the form of WHOIS entries from other registrars. His site won't specify what information was included; appearance in the leak does not necessarily mean that your password at Epik was compromised, or even that you ever had an account there.

Edit: That being said, any passwords in public leaks do eventually find their way into credential stuffing combo lists. You should certainly change your passwords if you have entered them into Epik's website, as the leak does appear to contain failed password attempts.

I don't even use that email for communication.
Neither for namepros, or paypal.
A big, absolute 0 spam emails.
It's clean.
99.9% chance login was from this breach.

appearance in the leak does not necessarily mean that your password at Epik was compromised, or even that you ever had an account there.
If you had an account there, your password was exposed.
Hackers said in the initial press release that included was
"account credentials for all epik customers, hosting, anonymize, VPN, and so on".
 
•••
Let me ask you this, since you think people shouldn't worry too much. Do you think E will survive this as a registrar? Will they be able to come back from this? Don't mind the leaked PII, sales data, CC records, whatever. If E goes down, having a big portfolio over there is gonna hurt your business. If using E is part of your 'business model' you will be suffering. I already noticed some small portfolio holders having a hard time because of this, unloading, transferring....

So much for creating abundance.

Thanks for your professional response,

Whether Epik can survive this situation or not is something that we have to wait and see,

But, I haven't seen too many people that are willing to provide any constructive advice towards saving Epik as a Company.

As I have mentioned before everyone has to decide what the goal is here:

Is it to Destroy

or

Is it to Reform

If the goal is to Destroy then I think that this thread is right on track (although it reminds me of some of those nature documentaries that I see on TV where a pack of wolves relentlessly and ruthlessly tries to bring down a big buffalo).

But, if the goal is to Reform Epik then we need to see more impartial and constructive posts (advice) from the members here.

To Reform Epik it might be a good idea to start with getting a few non ideological people that are more business minded at the top in the board of directors while trying to simultaneously come up with some immediate plans for overhauling and upgrading all the security procedures and practices at all levels.

Also if Epik wants to continue to promote Free Speech by giving the fringe and extremist groups an opportunity to express themselves then they have to do that equally across the board for everyone and not just cater to certain racist groups and they also should draw some red lines in order to prevent anyone from using the Epik platform to bring harm to others or to the society and humanity at large.

IMO
 
•••
Not all breaches are public or make it to HIBP (Have I Been Pwned), so while it's possible it was a result of the Epik breach, it's difficult to know for certain unless it affects more people.

Also, Troy Hunt, founder of HIBP, opted to include email addresses that appeared in the leak in the form of WHOIS entries from other registrars. His site won't specify what information was included; appearance in the leak does not necessarily mean that your password at Epik was compromised, or even that you ever had an account there.

Edit: That being said, any passwords in public leaks do eventually find their way into credential stuffing combo lists. You should certainly change your passwords if you have entered them into Epik's website, as the leak does appear to contain failed password attempts.

Just for clarification, Troy created a Twitter poll and asked the HIBP community to vote on whether to include the breach, because there was so much scraped WHOIS data.

I can't post links but it's easy enough to find if you search Troy Hunt's timeline for Epik and WHOIS.
 
•••
Hello @Rob Monster

Proper post-mortem and IH procedures are not just about the technical side of things.

A short (but substantive) update would be most welcome. As mentioned, regaining trust has to start somewhere. The email to Paul may have been a bit unfortunate. This professional domain name forum where you've been a very active participant for years seems like a good place to set things straight. It is clear that there are a lot of questions among the media and customers. Every day new things are added. See this as an opportunity where you can easily reach a large target group, since everything discussed here is also picked up by other media.
 
•••
Epik's modus operandi for dealing with criticism has been to harass, try to defame and doxx its critics. This is not an opinion, it is a well-documented fact. Now that it has become impossible to deny certain facts and the volume of criticism has increased a lot, what is left for them is to say that your immortal soul is at risk if you say anything negative about them.

It would be funny if it wasn't sad.
 
•••
Just for clarification, Troy created a Twitter poll and asked the HIBP community to vote on whether to include the breach, because there was so much scraped WHOIS data.

I can't post links but it's easy enough to find if you search Troy Hunt's timeline for Epik and WHOIS.

Thanks for the update, here's the tweet.

Troy Hunt on Twitter: "Processing the Epik breach and there's *lots* of email addresses taken from other places, for example stored copies of WHOIS records. If your address is in there - even if you didn't subscribe to the service - do you want @haveibeenpwned to notify you that they have your address?" / Twitter
 
•••
Thanks for your professional response,

Whether Epik can survive this situation or not is something that we have to wait and see,

But, I haven't seen too many people that are willing to provide any constructive advice towards saving Epik as a Company.

As I have mentioned before everyone has to decide what the goal is here:

Is it to Destroy

or

Is it to Reform

If the goal is to Destroy then I think that this thread is right on track (although it reminds me of some of those nature documentaries that I see on TV where a pack of wolves relentlessly and ruthlessly tries to bring down a big buffalo).

But, if the goal is to Reform Epik then we need to see more impartial and constructive posts (advice) from the members here.

To Reform Epik it might be a good idea to start with getting a few non ideological people that are more business minded at the top in the board of directors while trying to simultaneously come up with some immediate plans for overhauling and upgrading all the security procedures and practices at all levels.

Also if Epik wants to continue to promote Free Speech by giving the fringe and extremist groups an opportunity to express themselves then they have to do that equally across the board for everyone and not just cater to certain racist groups and they also should draw some red lines in order to prevent anyone from using the Epik platform to bring harm to others or to the society and humanity at large.

IMO

This is just completely irrelevant in my view. It is a very odd position to take.

Why would it be my responsibility, or anyone else's, to help save a company?
The free market will make that decision.

It is also at a point where we don't have real clarity on much. We do know from experts analyzing the way Epik handled data, that it was almost universally believed to be lax and unacceptable.

The ball is in Epik's court to save their own company via their actions. It is no one else's responsibility.

I don't think their actions so far have been real helpful to their cause.

Brad
 
•••
CBS News, 29 sep. 2021

"The hacking group known as Anonymous is behind the massive data breach that exposed the identity of users on the Epik platform, which is popular with some far-right extremist groups. CBSN tech reporter Dan Patterson joins CBSN AM with the latest."


 
•••
This is a note written to your highest self.

DeafeningLonelyJapanesebeetle-max-1mb.gif
 
•••
This hack (rightfully or wrongfully *) has been more about exposing information regarding some of the far right groups rather than trying to take anyone’s domains.

1) Anonymous doesn't care who they hurt.

2) They are anarchist, that is their motive.

3) They are criminals in the worst sense. You can argue E. Snowden or CPL. Manning acted on principle. They exposed wrongdoing by our Gov.

Anonymous hurts people. Period. They helped no-one.

* The only way that the hackers can justify their actions as being hacktivists is if they also expose some of the shortcomings and injustices in the far left, otherwise they are just being used as political tools and pawns by those who want to bring down their opposition in any which way that they can.

Disclaimer: I am not associated or affiliated with anyone. These are my opinions as a neutral and impartial observer.

IMO

upload_2021-9-30_19-55-44.png


egos with no morals.
 
•••
Has anyone other than Escrow.com reset passwords or taken any other security measures based on this Epik breach?

Screenshot 2021-09-30 8.04.29 PM.png
 
•••
As was pointed out in this thread numerous times before, not only passwords, but the leaked email(s) itself should be replaced everywhere.

Domain theft is a major problem. Your email, be it account email @ another registrar or domain whois mail with or without whois privacy, is the first step to locate the victim (account, domains, security questions) and/or to start hacking work. Saying nothing about extra info, such as epik-regged domains you transferred away before. Even if you are still the only person accessing your email (different passwords used for epik and for email) - do yourself a favor and change the email.

Are security questions/answers required by a registrar or marketplace? Favorite color? Use random answers (different in each case).

Use different emails for each critical service. Have a lot of domains with "Registrar X" (not Epik?)? Start using a unique email with them, do not enter this email anywhere else, use it for communications with this registrar only.

I do not own sex .com or other million dollar domains - but in my domaining career I still saw extremely sophisticated attempts to access my accounts, obtain PII including possible answers to security questions using social engineering, etc, etc.

Is your epik leaked email also snapnames/namejet/dropcatch whois email, or account email? Replace it. Do not forget to visit netsol, mydomain, bigrock, moniker, register .com and all other registrars you have an account with (as a result of snapnames-namejet old purchases). Replace account emails with them as well. Those accounts are permanently linked to snapnames or namejet. Sometimes, all existing domains will then be locked for 60 days (definitely the case @ netsol) - let it so be. NetSol now has a new interface, where the "billing" domain contact is almost invisible. Check billing contact email using an "old" link: https://www.networksolutions.com/manage-it/billing-info.jsp , as you will possibly need to update email at this section separately.

Be paranoid. It would not harm.
 
•••
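
The advice in the post above (replace the leaked email everywhere, give each critical service its own address, use random security answers), sketched as an added example that is not part of the original thread. The account inventory, service names and addresses are constructed for illustration.

```python
import secrets
from collections import defaultdict

# Constructed sample inventory: hypothetical services and addresses.
ACCOUNTS = [
    {"service": "registrar-a", "email": "me@example.com", "critical": True},
    {"service": "registrar-b", "email": "Me@Example.com", "critical": True},
    {"service": "auction-site", "email": "auctions@example.net", "critical": True},
    {"service": "newsletter", "email": "auctions@example.net", "critical": False},
    {"service": "marketplace", "email": "market-7f3a@example.org", "critical": True},
]

# Addresses known to appear in a breach (constructed).
LEAKED = {"me@example.com"}


def normalize(email):
    """Compare addresses case-insensitively and ignore stray whitespace."""
    return email.strip().lower()


def audit(accounts, leaked):
    """Return (service, reasons) for every account that needs a new email.

    leaked-email: the login or contact address appears in a breach.
    shared-email: a critical account whose address is also used elsewhere,
                  so one exposure identifies or endangers several accounts.
    """
    leaked = {normalize(e) for e in leaked}
    by_email = defaultdict(list)
    for acct in accounts:
        by_email[normalize(acct["email"])].append(acct["service"])

    findings = []
    for acct in accounts:
        email = normalize(acct["email"])
        reasons = []
        if email in leaked:
            reasons.append("leaked-email")
        if acct["critical"] and len(by_email[email]) > 1:
            reasons.append("shared-email")
        if reasons:
            findings.append((acct["service"], reasons))
    return findings


def random_security_answer(nbytes=16):
    """A random answer for 'favorite color' style questions.

    Generate a fresh one per service and store it in a password manager.
    """
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    for service, reasons in audit(ACCOUNTS, LEAKED):
        print(f"{service}: {', '.join(reasons)}")
        print(f"  new security answer: {random_security_answer()}")
```
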