alert Epik Had A Major Breach

DaveX

@GoDaveX · Top Member
The views expressed on this page by users and staff are their own, not those of NamePros.
Could you guys cut it out? I don't mind the occasional offtopic post and things getting sidetracked for a bit but you all seem to go above and beyond to make this about anything but this hack.

There's a gab thread.
There's a Parler thread.
There's a politics thread.
There's a what's going on with Rob thread.
There's a religion thread.
There's an environment thread.
There's an Epik thread.

Have fun.
 
•••
Not yet that I know of but hopefully they do at some point. Also, Gab has done much more serious things than these listed that are getting dealt with.

I don't know anything about Gab. I'm sure it's more complicated than making a police report but if you have hard evidence, you don't have to wait for the FBI. A local DA could handle the case.
 
•••
They've also deleted their prior tweet that informed their customers of the hack (archived).

This is troubling. Thanks for noticing.

That tweet was about the first leak. What about the 2nd and 3rd that happened afterwards?
 
•••
This is troubling. Thanks for noticing.

That tweet was about the first leak. What about the 2nd and 3rd that happened afterwards?

To my knowledge they haven't acknowledged the second or third leaks (on Twitter or anywhere else).
 
•••
Could you guys cut it out? I don't mind the occasional offtopic post and things getting sidetracked for a bit but you all seem to go above and beyond to make this about anything but this hack.

There's a gab thread.
There's a Parler thread.
There's a politics thread.
There's a what's going on with Rob thread.
There's a religion thread.
There's an environment thread.
There's an Epik thread.

Have fun.

well … I can bail out of this thread … that will mean that I am being chastised for not speaking words that the Left want to hear IMO .. after all .. I am a victim of this hack .. although the innocent victims of the hack appear to be at the back of bus .. that shouldn’t be the case .. but in consistent with the narrative and agenda of the complete hack and the aftermath .. I can see why the victims are being put in the background ….. the thread has served its purpose for me at this point … the vital things that I need understand .. I understand fully now .. with that said .. I am out .. enjoy .. carry on
 
•••
Politics, Racism, Religion, Abortion, and Free Speech are amongst some of the major issues that are at the heart of this case.

So in order to prevent future data breaches the root causes of this hack need to be discussed and analyzed further.

This case could also become a learning experience for the hacktivists and it could help expand their vision so that they can see the big picture better.

IMO
This is Epik's problem, not yours or mine, and why do you keep repeating we need to do something to prevent it?
We have nothing to do with preventing the Epik hack.
 
•••
well … I can bail out of this thread … that will mean that I am being chastised for not speaking words that the Left want to hear IMO .. after all .. I am victim of this hack .. although the innocent victims of the hack appear to be at the back of bus .. that shouldn’t be the case .. but in consistent with the narrative and agenda of the complete hack and the aftermath .. I can see why the victims are being put in the background ….. the thread has served its purpose for me at this point … the vital things that I need understand .. I understand fully now .. with that said .. I am out .. enjoy .. carry on

Not asking you to back off. Just leave the left vs right or, whatever, political, ethical, shit out of this, take that to the other threads.

You're not always right, but not always wrong either imo. Contribute to the designated threads where it adds value.

Not a personal attack btw, I find myself guilty at times and appreciate people/mods putting me in place just the same ;). We're all just human. Things like this stir up emotion.
 
•••
Rob has specifically mentioned me in his letter to Paul. I have written some articles reporting about RM and E in the past during a different scandal or scandals. I opted not to write about this one since I do not want to give more oxygen to RM/E. Instead use this thread to contribute to and learn about the development of this story. I may end up doing a large piece eventually once all the facts are on the table. Rob has in the past reported my NP posts to take them down.

What was the previous scandal? Can you please post links to those articles?
 
•••
I would like to see this thread closed to further comment, rather than add to the mods' already difficult task, and a new thread started where it was very clear the topics to be discussed were only things like:
  • What can domainers do to minimize risk from breached data?
  • What are best practices?
  • What do we know specifically about the breach that is important to know?
  • What actions are possible against 'researchers' who are recklessly making it worse by publicly sharing information (note I don't mean real security researchers, who would not do that)?
  • What specifically do we need in additional information, and how might we encourage Epik to release that?

I respectfully disagree. Outside some problem posts here and there I think the vast majority of stuff is related to Epik, the data breach, and their security protocols.

Since Rob and Epik are basically providing no useful updates, this is one of the only ways to stay updated, especially for people who don't use Twitter.

Brad
 
•••
Not asking you to back off. Just leave the left vs right or, whatever, political, ethical, shit out of this, take that to the other threads.

You're not always right, but not always wrong either imo. Contribute to the designated threads where it adds value.

Not a personal attack btw, I find myself guilty at times and appreciate people/mods putting me in place just the same ;). We're all just human. Things like this stir up emotion.

I will need to start reviewing this thread to see if my perception is still correct, but I thought politics and ideology was the motivating factor why hackers went after epik. If this thread were about security mishaps and criminal hacking, it would look different.

I thought the presence of the new members/hacker ambassadors in this thread was to make the exposure of the hack look ethical rather than criminal. Maybe I am missing something, but rather than dig into and expose these fringe hate groups, the "ambassadors" are after the destruction of a company by making it unsafe for an average customer to associate with a domain registrar.

Anyway, there are a lot of pages to review to catch up now.
 
•••
They've also deleted their prior tweet that informed their customers of the hack (archived).

This is troubling. Thanks for noticing.

That tweet was about the first leak. What about the 2nd and 3rd that happened afterwards?

To my knowledge they haven't acknowledged the second or third leaks (on Twitter or anywhere else).

Care to explain @Rob Monster?

Why was the tweet informing customers deleted?
Why no information on the 2nd or 3rd leak?

 
•••
It wasn't that long ago that Epik falsely accused GoDaddy of poor security.

https://domainnamewire.com/2021/01/...ddy-godaddy-says-this-is-why-it-dropped-epik/

From the article -

The next month, GoDaddy terminated its Afternic partnership with Epik, apparently catching Epik by surprise.

Epik went public about the termination, apparently violating the contract it signed with GoDaddy in doing so. Epik seemed to tie GoDaddy’s decision to a number of factors, and oddly questioned receiving GoDaddy’s letter “two hours after the election was called for Joe Biden.”


Yesterday, Epik published another letter about the Afternic termination. It argued that one of the factors leading to the termination was that Epik was reporting security issues with the platform.

I reached out to GoDaddy yesterday to see if the company would provide any information about its decision to terminate the partnership with Epik.

Paul Nicks, GoDaddy VP, Domains – Investors and Corporate, issued this statement in response:

Once again, Epik has lobbed baseless accusations against us. To be crystal clear, Epik has not provided us with reports of “repeated Afternic security issues.” If anyone has any concerns about our systems, we work closely with them to answer any questions or resolve issues. This is how a real partnership works.

The reason Epik was dropped has everything to do with their constant attacking of us. We don’t feel the need to partner with someone who time and time again casually lies about a wide variety of issues.


We will not be providing further statements on their business, and reserve the right to explore any and all possible legal options to defend against their baseless claims.
 
•••
I will need to start reviewing this thread to see if my perception is still correct, but I thought politics and ideology was the motivating factor why hackers went after epik. If this thread were about security mishaps and criminal hacking, it would look different

I agree. The motives are clear. Wrong or right, when it comes down to it, the big takeaway from this thread/hack is the poor security in place at E. Something that affects a lot of clients, no matter what you think/feel about them.
 
•••
The forced password reset process on NamePros was causing confusion. The process has been tweaked in an attempt to provide a clearer resolution path for affected members.

Notably:
  • The error message has changed.
  • The password reset email is sent automatically upon attempted login without further action required by the user.
  • There is a giant, bold, red message on the error page indicating that a password reset is required.
  • Further attempts to access the login form will fail, instead displaying the same error. This behavior persists via a cookie for one hour or until a password reset is performed, whichever happens first.
I have not read the recent messages in this thread, as I've been busy troubleshooting, talking to other developers, and attempting to improve the password reset process. We've never had a forced password reset affect this many active users, so it will be a learning process. If you would like to bring specific content to the moderators' attention, please use the "Report" link below each relevant post.
 
•••
This is an unnecessary dump on Epik. One has nothing to do with the other.

Epik is now accepting Twitter DMs for price inquiries on carryout.com . No word, naturally, on whether they will be answering any of the many inquiries their existing customers have made about the safety of their data and assets. They've also deleted their prior tweet that informed their customers of the hack (archived).

 
•••
This is an unnecessary dump on Epik. One has nothing to do with the other.

I think her point, which is a valid one, is that Epik has not revealed the 2nd or 3rd hacks and has even removed their notification of the first hack without giving any more updates to users and just went back to business as usual like nothing ever happened.
 