alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[bmugford]

I would explain why in detail .. but this thread isn’t the place…

it appears the hacking continues .. i think .. sure there are some who don’t want to be exposed .. but as a majority .. I wouldn’t think the people who are in the affiliations being exposed have any shame in being in their affiliation and cause … no more than I would think any Far Right people have any shame in their affiliation or exposure for participating in the affiliation activities or causes.

Well, it sure looks like from analysis of the data breach that a lot of people have been trying to hide their connections to groups, organizations, websites, etc. Only they can answer why that is if they are so proud of these connections.

Brad

 

[DN Playbook]

Investigative journalists from twitter are once again trying to connect the dots (Epik and the datacenter):

This is because they need internet connectivity, ventilated racks and the like.

Now, they are mixing Epik and its clients with the datacenter and their clients. What would be the next sensation? ;-()

Not sure exactly what your point is, but data services providers will not be responsible for activities on their networks that violate their terms. Also the developers of the code are not in the jurisdiction of US laws. Hence the buck will land in RM/E's court in all likelihood. Time will tell.

Something like this, basically.

How Many People Do You Need for a Class Action Lawsuit? | Class Action Lawsuits | Ben Crump

Lawyers get richer, affected parties usually get a bag of peanuts and that's that.

This is why there is an investigation first, to see if there are sufficient plaintiffs to make a class action lawsuit likely lead to a settlement.

And BTW, western economies thrive on the legal system.

 

[mr-x]

At this point, it's not a wise thing to encourage someone to download the data, especially not @Paul.

Honest question, why?

 

[mr-x]

Well, it sure looks like from analysis of the data breach that a lot of people have been trying to hide their connections to groups, organizations, websites, etc. Only they can answer why that is if they are so proud of these connections.

Brad

Are you kidding? Gina Carano was fired for posting Beep / Bop / Boop as her pronouns after weeks of harassment by left wing lunitics. People have been fired from their jobs for tweets made as teenagers.

If you're a conservative or Christian, your going to be harassed. Also, people have all kinds of reasons for not wanting others to know what they are doing.

 

[bmugford]

Are you kidding? Gina Carano was fired for posting Beep / Bop / Boop as her pronouns after weeks of harassment by left wing lunitics. People have been fired from their jobs for tweets made as teenagers.

Well, private companies can employ who they want. If you don't like their decisions then don't buy their products or services.

Either way, the point being that a lot of people were/are hiding their connections for whatever reasons. It might be that, it might be shame, it might be legal issues, or any number of other reasons.

Brad

 

[mr-x]

Yeah, well it is what it is. Rob and Epik are basically saying nothing on the subject.

Good or bad there are a lot of people analyzing the data from amateurs to top tier security experts, and everything in between.

Brad

Thanks but I wasn't talking about people actually investigating.

 

[Derek Peterson]

It didn't sound to me like white labeling—Rob said they acquired the registrar code and engineering team from Intrust. But for some reason, it seems they allowed the engineering team to retain total ownership of the code, totally siloed from the rest of Epik's team.

Yeah, proprietary code. He doesn't like to build or manage things. Not exactly a white label but same general idea as far as not having to build or manage.

 

[mr-x]

Yeah, proprietary code. He doesn't like to build or manage things. Not exactly a white label but same general idea as far as not having to build or manage.

Technically he owned the code and the engineers worked for him, so not a white label. Must have been some conversation when they refused to give access. Job security.

 

[bmugford]

Technically he owned the code and the engineers worked for him, so not a white label. Must have been some conversation when they refused to give access. Job security.

Not sure how you can refuse to give the code to a product you own. That should have been the first warning sign, in fact that should have been part of due diligence before they even bought them.

Brad

 

[finitecrystal]

Love all the twitter investigators with no-name, affiliation. Just like real journalist.

Probably because they don't want to be targeted by Joey Camp or one of the countless other fascist assholes who have a vested interest in keeping that information from getting out. Journalists have been getting doxxed non-stop since the first dump, people have very reasonable justifications to not want their name associated with their research in this case.

 

[Derek Peterson]

Technically he owned the code and the engineers worked for him, so not a white label. Must have been some conversation when they refused to give access. Job security.

If he didn't have access to it then he didn't own it. He probably did some license deal.

 

[Derek Peterson]

Probably because they don't want to be targeted by Joey Camp or one of the countless other fascist assholes who have a vested interest in keeping that information from getting out. Journalists have been getting doxxed non-stop since the first dump, people have very reasonable justifications to not want their name associated with their research in this case.

So they in turn dox a bunch of people they don't agree with. What a world.

 

[finitecrystal]

If he didn't have access to it then he didn't own it. He probably did some license deal.

The implication I got from the Jitsi meeting was that Epik owned the code and employed this "captive" development team that didn't want to share it with the rest of the company. I don't think Rob Monster is a very effective communicator, so maybe I misunderstood what he was trying to say, but that's what it sounded like to me.

 

[finitecrystal]

So they in turn dox a bunch of people they don't agree with. What a world.

No, they publicly shame those people by making their names public. I haven't seen any researchers post any street addresses or similar information publicly. Doxxing is supposed to be disallowed on Twitter, researchers and journalists that aren't hack frauds don't get the same inexplicable protections as the likes of Andy Ngo, so they have to respect the rules to avoid getting banned. Not that they actually want to do such a thing in the first place.

 

[mr-x]

Probably because they don't want to be targeted by Joey Camp or one of the countless other fascist assholes who have a vested interest in keeping that information from getting out. Journalists have been getting doxxed non-stop since the first dump, people have very reasonable justifications to not want their name associated with their research in this case.

Or left wing lunatics who think everything they don't like is fascism.

 

[.X.]

Well, it sure looks like from analysis of the data breach that a lot of people have been trying to hide their connections to groups, organizations, websites, etc. Only they can answer why that is if they are so proud of these connections.

Brad

if that turns out to be the case .. then I agree .. there is much to be said by many at this current time .. I guess we will find out in due time

 

[Derek Peterson]

No, they publicly shame those people by making their names public. I haven't seen any researchers post any street addresses or similar information publicly. Doxxing is supposed to be disallowed on Twitter, researchers and journalists that aren't hack frauds don't get the same inexplicable protections as the likes of Andy Ngo, so they have to respect the rules to avoid getting banned. Not that they actually want to do such a thing in the first place.

Just not true.

 

[FernandoBMS]

The so-called "Russian" captive development team is mostly Ukrainian. Monster repeated several times that they (Epik) didn't have access to the code, to the git, and the first time their engineers saw the code was when it was leaked by the hackers.

 

[Derek Peterson]

The implication I got from the Jitsi meeting was that Epik owned the code and employed this "captive" development team that didn't want to share it with the rest of the company. I don't think Rob Monster is a very effective communicator, so maybe I misunderstood what he was trying to say, but that's what it sounded like to me.

IRL no owner would allow the dev team to run wild and not be accountable ro have some code review process in place. They had no real quality checks, obviously. Fox watching the chicken coop.

 

[bmugford]

The so-called "Russian" captive development team is mostly Ukrainian. Monster repeated several times that they (Epik) didn't have access to the code, to the git, and the first time their engineers saw the code was when it was leaked by the hackers.

That is no way to run a company.

Brad