
Epik Had A Major Breach

DaveX

@GoDaveX, Top Member
The views expressed on this page by users and staff are their own, not those of NamePros.
Also, please cite where I said the "majority" of Epik's customers are associated with the right wing or extremists.

You didn't say a majority. I was wrong.
 
•••
You didn't say a majority. I was wrong.

I appreciate that.

In fact I said the vast majority of the registrations there were simply domain investors.

I have talked to some since this happened that really had no idea about any of Epik's controversy before this data breach. They were simply there due to things like pricing, customer support, and (supposed) level of security.

Brad
 
•••
Ok, so then in your view the hackers have 100% of the blame and Epik has 0% of the blame for the lax security measures, which across the board have been called unacceptable (and worse) by security and IT experts.

Brad

No. The hackers are 100% to blame for stealing the data and releasing it. Epik is 100% to blame for ignoring security.

I hope Epik will be a better company. I resent the idea they somehow brought this on themselves for dealing with people with political views the hackers don't approve of.
 
•••
No. The hackers are 100% to blame for stealing the data and releasing it. Epik is 100% to blame for ignoring security.

I hope Epik will be a better company. I resent the idea they somehow brought this on themselves for dealing with people with political views the hackers don't approve of.

Well, Epik should certainly know they are a target. Right or wrong, that is just a fact.

With that being the case, their handling of data leaves a lot to be desired, to say the least. I have seen multiple experts in the field use terms like "negligence".

Epik made lots of marketing claims about security, which don't appear to match the reality. I would expect more from the "Swiss bank of domains."

Companies face hack attempts daily. This was only this successful because of Epik's security measures. There are a lot of legitimate questions that they need to answer regarding their storage of customer data.

Brad
 
•••
...
Companies face hack attempts daily. This was only this successful because of Epik's security measures. There are a lot of legitimate questions that they need to answer regarding their storage of customer data.

Brad

I would say "made worse" by Epik's lack of data security. I doubt we hear about most breaches but I look forward to the post analysis.
 
•••
If a man robbed your neighbor's house, would you blame the cheap lock and then tell him he deserved it because of the people he does business with?
Lol if neighbors are drug dealers storing drugs, it's normal.
Guilty by association, your responsibility to know where you are putting your feet.
There's a reason why other registrars wouldn't touch these guys.
Rob extended his hands to them.
His actions, his consequences.

Not like the neighbor was an innocent old lady distributing free speech flyers.
She was also protecting and broadcasting their ideas, when everyone else kicked them out because of what they were plotting/discussing.
Now her house got burned down, and everyone thinks she's part of them.

Sounds normal.
 
•••
Lol if neighbors are drug dealers storing drugs, it's normal.
Guilty by association, your responsibility to know where you are putting your feet.
There's a reason why other registrars wouldn't touch these guys.
Rob extended his hands to them.
His actions, his consequences.

Not like the neighbor was an innocent old lady distributing free speech flyers.
She was also protecting and broadcasting their ideas, when everyone else kicked them out because of what they were plotting/discussing.
Now her house got burned down, and everyone thinks she's part of them.

Sounds normal.

So Epik deserved to be hacked and their customers are fools for not realizing how evil Epik is standing up for the #1A, Bill of Rights and Constitution.

Epik wasn't dealing drugs. They did business with people with objectionable politics.

•••
I would say "made worse" by Epik's lack of data security. I doubt we hear about most breaches but I look forward to the post analysis.

Brad has articulated the issue fairly well. Epik was keen on comparing themselves to a bank, and they certainly weren't concerned about making themselves a target. Even without those two factors, the lack of security we're seeing in the leaked data is far from acceptable.

The practices evident in their code are some of the worst I've seen in at least a decade, especially for a company as prominent as a registrar. It feels like the early 2000s all over again, when companies were still learning that security was important.

Guilty by association, your responsibility to know where you are putting your feet.

That isn't a fair argument: https://en.wikipedia.org/wiki/Association_fallacy This is also getting fairly political and isn't of much immediate consequence.

So Epik deserved to be hacked and their customers are fools for not realizing how evil Epik is standing up for the #1A, Bill of Rights and Constitution.

There are going to be knee-jerk reactions to this in which people feel as though their opinions were validated, and it's going to be difficult for them to keep their respective ideologies and impressions of Epik out of their posts. That doesn't mean you should respond in kind.

This also just isn't a productive line of reasoning; it's akin to people saying, "I told you so," and others responding with, "So you're saying they deserved it?" Epik's policies have been discussed extensively elsewhere on NamePros for years--it always descends into a flame war.

Edit: Typo
 
•••
So Epik deserved to be hacked and their customers are fools for not realizing how evil Epik is standing up for the #1A, Bill of Rights and Constitution.

Epik wasn't dealing drugs. They did business with people with objectionable politics.

Whether they deserved it or not, they knew it was coming.
Therefore a minimum of security.
That is the unforgivable mistake, which turned this into a joke.

Bitmitigate, vpn services, swiss security safety vault stories..
Lame.
 
•••
Man, you have to stop deleting my posts. I thought you were in favor of informing people.

Why don't you want people to know the truth?

I was just posting technical info.
 
•••
Brad has articulated the issue fairly well. Epik was keen on comparing themselves to a bank, and they certainly weren't concerned about making themselves a target. Even without those two factors, the lack of security we're seeing in the leaked data is far from acceptable.

The practices evident in their code are some of the worst I've seen in at least a decade, especially for a company as prominent as a registrar. It feels like the early 2000s all over again, when companies were still learning that security was important.

I agree. Let's not lose sight of who perpetrated this crime. Your first post on hacker motives was spot on too.
 
•••
Man, you have to stop deleting my posts. I thought you were in favor of informing people.

Why don't you want people to know the truth?

I was just posting technical info.
I saw your picture/graph, but I didn't understand its meaning.
Simply tell us in words what your findings are or what it meant.
Instead of showing a techie graph that shouldn't be shown publicly.
 
•••
But why is he deleting my posts?

This is supposed to be an open conversation on security, isn't it?
 
•••
Bitmitigate, vpn services, swiss security safety vault stories..

The analogy Epik makes with a Swiss bank is interesting. Banking secrecy has come under considerable pressure in recent years, and information is being shared with tax authorities in other countries.

Depending on how you look at it, Swiss banks are still a strong brand, or maybe not so much.
 
•••
Man, you have to stop deleting my posts. I thought you were in favor of informing people.

Why don't you want people to know the truth?

I was just posting technical info.

You can repost it as long as you clarify what it means. Please explain it in non-technical terms, including why it's important and the caveats that information has.

But why is he deleting my posts?

This is supposed to be an open conversation on security, isn't it?

Yes, but the audience here isn't exclusively technical. If you just post scary-looking images without providing context, they're going to be deleted--they're misleading on their own.
 
•••
a buffer overflow published on cve is not misleading. it's just a non 0day exploit that happens to match a service epik is/was using. I even censored some parts.

and you posted the hostnames of disk images. there's no secret on what has been released and the flaws of their code.

just tell me if you want me to stop looking at the system on the leak and post stuff about it here
 
•••
a buffer overflow published on cve is not misleading. it's just a non 0day exploit that happens to match a service epik is/was using. I even censored some parts.

It's misleading to people who don't understand what it means without context. Don't just dump information here; explain what it means. This isn't Twitter. Again, you can repost it, and as long as you explain to everyone else what you're posting, why it's important, and what caveats that information has, that's fine.
 
•••
Breaking News
•••
a buffer overflow published on cve is not misleading. it's just a non 0day exploit that happens to match a service epik is/was using. I even censored some parts.

and you posted the hostnames of disk images. there's no secret on what has been released and the flaws of their code.

just tell me if you want me to stop looking at the system on the leak and post stuff about it here

I think people, especially users, are concerned with what info is actually in the data since most of us don't have the ability to look for ourselves. Monster obviously isn't answering actual questions.

What is in hacked data?:
1) Are the server login details for hosting accounts?
2) Are the verification items (driver's license, passports, etc.)?
3) Is there a record of websites visited by Epik's VPN users (anonymize service - that site seems down)?
4) Are there any communications between Epik/Rob and Feds?
 
•••
Are the server login details for hosting accounts part of the hacked data?

There is information that looks a lot like credentials and session IDs for hosting. The passwords appear to have been redacted, but session IDs are still present. I don't know whether any of the session IDs are valid or how sensitive they are, and I'm certainly not going to test them.

Are the verification items part of hacked data (driver's license, passports, etc.)?

Not that I've seen.

Is there a record of websites visited by Epik's VPN users (anonymize service - that site seems down)?

Not that I've seen. It's possible DNS requests were inadvertently logged somewhere--there's no shortage of inadvertent logging of sensitive information--but I doubt it would be trivial to link such logs to individual users.

Are there any communications between Epik and Feds?

I'm not particularly interested in crawling through the communications that were leaked--there are already plenty of other people doing that--but I did check to see whether my own emails with Rob + Epik were included, and I didn't see them. That leads me to question whether any information was deliberately withheld, so I would be cautious in assessing any controversial communications that do come to light. Remember that all of the data you're seeing passed through an attacker first, and that attacker claims to have had an agenda. While fabricating data without being noticed would have been difficult for such a large dataset, withholding information would have been trivial, and there are multiple signs they did just that.
 