alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Derek Peterson]

I do care about the users, that's why I took the time to analyse half a terabyte of data

But what good does it have when you can't post anything material here.

When it comes to cybersecurity, there should be no restriction, double speech, half-truths or sugar-coating. You should always be completely honest in what's out there on the wild.

Yeah, I don't know the situation there but maybe post somewhere else and link to it here?

 

[Lox]

PDF Attached

 

[Derek Peterson]

PDF Attached

Show attachment 201335

Terrible infographic, they didn't even mention cursing data!

 

[bmugford]

I think there are nothing they can do now except pray.

I think they already tried that. It didn't seem to end well.

In lieu of that, maybe they can actually do something useful like hire some experts in the field that can actually design a system that is not based on "shitty code" and employs acceptable security measures.

Brad

 

[frank-germany]

I had moved all away .. ago when I realized that Rob Monster didn't care about user privacy .... but I do not trust or respect Rob Monster and with good reason.

yes, Sir.

me too

 

[frank-germany]

Please use Challenge! (Duel) button, don't make your BLAH BLAH BLAH mandatory for all readers.

p.s. Who doesn't understand - welcome to Ignorelist.

no idea what you talk about

 

[br1ll1on]

@epik take a note from all the recent hacks and attacks after yours (twitch, hexa, Dan ...) communication plays an important role

 

[internext]

You are free to start another thread related to the hack of google or any other company

Please don't tell me what to do. Every one of your posts is just like the last ...you repeat yourself ad nauseum. You called my last post pitiful. Well guess what? I won't lose any sleep, considering the source.

More criminal activity...

Amazon-owned Twitch breached by hackers who reportedly leaked everything from creator payouts to an unannounced Amazon digital game store.

• The source code for Twitch and creator earnings numbers were reportedly included in the hack.

That's Google, the universal texting service, and Amazon all in today's news. Maybe it's time to start cutting Epik and Rob Monster a little slack.

I'd like to point this out as proof that it doesn't matter how good the security is or is not. Determined criminals will commit crimes.

I'm sure that Google and Amazon have world class security . If these hackers are out to get you they're going to get you.

For all of you spouting off about unsalted this and that... How many of you really understand what you're saying and not just parroting the few here that really do?

I think it's time that we get behind our industry and support the little guy. I remember when GoDaddy was run by Bob Parsons. It was actually not a bad company. You want to lose people like Rob Monster? Be prepared for lack of innovation and the highest possible prices. People like Rob give back to our industry and force competition. You don't have to like him. But you don't need to resort to wishing ill on anyone or becoming an angry mob.

Were flaws exposed? Yup. But if you want to beat Epik to a bloody pulp, you have to be ready to judge all others just as harshly. Or be a hypocrite.

So what is the common denominator? Open your eyes. The real problem here are the hackers. If they can take down the safety of the Chrome browser, all your texting, and amazon, how does the little guy stand a chance?

I'm not saying to love Epik or Rob. Free will prevails. But support your industry and give them a Fighting Chance. They know where they've gone wrong now. Let them try to fix it.

As for communication google tried covering up their issues. The texting service waited 5 years to let it be known. Rob has issued statements which I am sure are in accordance to what he's being advised to do. I can't speak for him. But as open and sharing, even verbose as he is I'm sure he would love to let us all know what he's thinking and what's going on. My guess is he's acting on the advice of counsel. Just a guess

 

[tonyk2000]

If they can take down the safety of the Chrome browser, all your texting, and amazon, how does the little guy stand a chance?

On a side note, this thread contains some useful recommendations (email setup and security). Of course, one should not use Chrome. Pure Chromium is also not the best choice. Ungoogled Chromium would be better, especially if run in a sandbox like any untrusted app. should (ref: Qubes OS by Joanna Rutkowska). Win10 is "untrusted application" by itself, so switching to linux would be wise (Qubes OS is also linux, but this particular flavor is not for beginners though). Securing server side of the things is a different story, we are speaking about workstations now. At least something. If amazon of cell phone company is hacked - it would affect all customers, regardless of their software and equipment, no doubts

 

[tonyk2000]

I think it's time that we get behind our industry and support the little guy.

Yeah, from domainers point of view (zero interest in U.S. politics or in any political issues)- it is not good if a domainer-friendly registrar disappears. Both customers and non-customers should agree imo (more competition = better). We see evidence showing that Epik is going to stay. At least, they did not shut themselves down voluntary, and are still ICANN-accredited. Should Epik manage to stop mixing business and politics, upgrade/rewrite bad code, etc. - it would be a positive outcome...

 

[Jurgen Wolf]

no idea what you talk about

 

[Jurgen Wolf]

Yeah, from domainers point of view (zero interest in U.S. politics or in any political issues)- it is not good if a domainer-friendly registrar disappears. Both customers and non-customers should agree imo (more competition = better). We see evidence showing that Epik is going to stay. At least, they did not shut themselves down voluntary, and are still ICANN-accredited. Should Epik manage to stop mixing business and politics, upgrade/rewrite bad code, etc. - it would be a positive outcome...

This process of termination by ICANN is not fast.
For example, for Pheenix it took a few years.

 

[frank-germany]

Please don't tell me what to do. Every one of your posts is just like the last ...you repeat yourself ad nauseum. You called my last post pitiful. Well guess what? I won't lose any sleep, considering the source.

More criminal activity...

Amazon-owned Twitch breached by hackers who reportedly leaked everything from creator payouts to an unannounced Amazon digital game store.

• • The source code for Twitch and creator earnings numbers were reportedly included in the hack.

That's Google, the universal texting service, and Amazon all in today's news. Maybe it's time to start cutting Epik and Rob Monster a little slack.

I'd like to point this out as proof that it doesn't matter how good the security is or is not. Determined criminals will commit crimes.

I'm sure that Google and Amazon have world class security . If these hackers are out to get you they're going to get you.

For all of you spouting off about unsalted this and that... How many of you really understand what you're saying and not just parroting the few here that really do?

I think it's time that we get behind our industry and support the little guy. I remember when GoDaddy was run by Bob Parsons. It was actually not a bad company. You want to lose people like Rob Monster? Be prepared for lack of innovation and the highest possible prices. People like Rob give back to our industry and force competition. You don't have to like him. But you don't need to resort to wishing ill on anyone or becoming an angry mob.

Were flaws exposed? Yup. But if you want to beat Epik to a bloody pulp, you have to be ready to judge all others just as harshly. Or be a hypocrite.

So what is the common denominator? Open your eyes. The real problem here are the hackers. If they can take down the safety of the Chrome browser, all your texting, and amazon, how does the little guy stand a chance?

I'm not saying to love Epik or Rob. Free will prevails. But support your industry and give them a Fighting Chance. They know where they've gone wrong now. Let them try to fix it.

As for communication google tried covering up their issues. The texting service waited 5 years to let it be known. Rob has issued statements which I am sure are in accordance to what he's being advised to do. I can't speak for him. But as open and sharing, even verbose as he is I'm sure he would love to let us all know what he's thinking and what's going on. My guess is he's acting on the advice of counsel. Just a guess

I'm so glad you use large fonds

now I can more easily agree with you

but you still are a troll

 

[internext]

I'm so glad you use large fonds

you still are a troll

Lol yeah. Hiding under my bridge

I didn't realize and it's too late for me to edit it now but obviously when I cut and pasted that info in bold about twitch it reset my font size for all that followed and I hadn't realized it. Til now.

Welcome to another day

 

[Jurgen Wolf]

switching to linux would be wise

I switched over a decade ago and never even thought about the return to Winhole.
Tried many, but ended with Debian.

 

[Derek Peterson]

Yeah, from domainers point of view (zero interest in U.S. politics or in any political issues)- it is not good if a domainer-friendly registrar disappears. Both customers and non-customers should agree imo (more competition = better). We see evidence showing that Epik is going to stay. At least, they did not shut themselves down voluntary, and are still ICANN-accredited. Should Epik manage to stop mixing business and politics, upgrade/rewrite bad code, etc. - it would be a positive outcome...

From your perspective but not from a financial one for Epik and Monster. It's called marketing. Rob made millions. On his live stream fiasco he even admitted that he didn't believe in actual free speech. Andrew Torba, CEO of Gab, was a "SJW" living in San Fran, because that was his dream, writing articles about the male patriarchy before he started gab with his muslim and indian best freinds. I think you all underestimate the motivation of greed in decisions.

 

[oldtimer]

maybe they can actually do something useful like hire some experts in the field that can actually design a system that is not based on "shitty code" and employs acceptable security measures.

Brad

Although improving, overhauling, and continuous updating of all the security systems and protocols at Epik is a must,

But it is really the prevailing mindset at Epik which has created a mixing of doing business with that of defending and being supportive of certain ideologies and beliefs that are associated with Race, Religion, and Politics that is really at the heart of all the problems that we are seeing today.

It used to be that most companies tried to keep doing business separate from Race, Religion, and Politics for the simple fact that they were able to make more money by catering to all people without taking sides and as such most businesses saw it in their interest to take a neutral stance and stay out of trouble.

But in the current divisive environment that has taken over the World it seems that many companies and businesses are put in a situation that they now have to take sides in order to survive and which side they take is going to depend in a big part on the beliefs and ideologies of the top brass in the company (mainly that of the CEO or the major shareholders).

So no mater how much you improve the level of security at a company if that company is going to take sides when it comes to Race, Religion, and Politics then most likely the hacking is going to continue and although in this instance some people have attributed it to the lax security practices at Epik, but the truth of the matter is that as more and more companies and businesses stop being neutral and start taking sides then we are going to see more and more hackings and breaches that are motivated by differences in Political, Religious, and Racial ideologies, beliefs, interests, and agendas.

You don’t have to be a genius to see that if the World continuous to stay on this divisive track that sooner or later it is going to implode under all the pressure.

(As I have been saying all along the only way for everyone to be able to rise above their differences is by trying to find common grounds over the Universal Principles and Values that are derived through Logic and Compassion.)

IMO

 

[Derek Peterson]

I honestly think everyone is missing the point here. Epik / Rob Monster has for many years been LYING about their products and services and not caring about user/customer privacy and security and using threats and anti-free speech tactics to silence those who speak out. It has nothing to do with politics and religion or anything of the sort. While you might find it offensive that does, that does NOT, in and of itself make someone save passwords in clear text, pretend to build something when they in fact just white labelled it, store full credit cards data on their own servers, etc etc.

Epik and Rob Monster are not victims. They are dishonest, lying, criminals.

 

[Derek Peterson]

Although improving, overhauling, and continuous updating of all the security systems and protocols at Epik is a must,

But it is really the prevailing mindset at Epik which has created a mixing of doing business with that of defending and being supportive of certain ideologies and beliefs that are associated with Race, Religion, and Politics that is really at the heart of all the problems that we are seeing today.

It used to be that most companies tried to keep doing business separate from Race, Religion, and Politics for the simple fact that they were able to make more money by catering to all people without taking sides and as such most businesses saw it in their interest to take a neutral stance and stay out of trouble.

But in the current divisive environment that has taken over the World it seems that many companies and businesses are put in a situation that they now have to take sides in order to survive and which side they take is going to depend in a big part on the beliefs and ideologies of the top brass in the company (mainly that of the CEO or the major shareholders).

So no mater how much you improve the level of security at a company if that company is going to take sides when it comes to Race, Religion, and Politics then most likely the hacking is going to continue and although in this instance some people have attributed it to the lax security practices at Epik, but the truth of the matter is that as more and more companies and businesses stop being neutral and start taking sides then we are going to see more and more hackings and breaches that are motivated by differences in Political, Religious, and Racial ideologies, beliefs, interests, and agendas.

You don’t have to be a genius to see that if the World continuous to stay on this divisive track that sooner or later it is going to implode under all the pressure.

(As I have been saying all along the only way for everyone to be able to rise above their differences is by trying to find common grounds over the Universal Principles and Values that are derived through Logic and Compassion.)

IMO

Ugh, Epik / Rob's marketing strategy did not make them store passwords in clear text or full credit card data or lie about their products and services.

 

[Jurgen Wolf]

https://www.namepros.com/threads/not-sure-what-to-do.1254280/

 

[tonyk2000]

I honestly think everyone is missing the point here

As per the leaked files, top management like intelli name also used Epik for their own portfolios. So, were they unaware of all the security holes? Nobody forced them to consolidate domains with Epik.

Pure negligence...

 

[Derek Peterson]

As per the leaked files, top management like intelli name also used Epik for their own portfolios. So, were they unaware of all the security holes? Nobody forced them to consolidate domains with Epik.

Pure negligence...

Yeah, I'm sure they believed Rob about his whole Swiss Bank schtick. Hard not to believe when someone sounds so confident and sincere and says Jesus and God every other sentence, hard to imagine they are lying and there is really no way for a customer to verify.

 

[Rob Monster]

Please don't tell me what to do. Every one of your posts is just like the last ...you repeat yourself ad nauseum. You called my last post pitiful. Well guess what? I won't lose any sleep, considering the source.

More criminal activity...

Amazon-owned Twitch breached by hackers who reportedly leaked everything from creator payouts to an unannounced Amazon digital game store.

• • The source code for Twitch and creator earnings numbers were reportedly included in the hack.

That's Google, the universal texting service, and Amazon all in today's news. Maybe it's time to start cutting Epik and Rob Monster a little slack.

I'd like to point this out as proof that it doesn't matter how good the security is or is not. Determined criminals will commit crimes.

I'm sure that Google and Amazon have world class security . If these hackers are out to get you they're going to get you.

For all of you spouting off about unsalted this and that... How many of you really understand what you're saying and not just parroting the few here that really do?

I think it's time that we get behind our industry and support the little guy. I remember when GoDaddy was run by Bob Parsons. It was actually not a bad company. You want to lose people like Rob Monster? Be prepared for lack of innovation and the highest possible prices. People like Rob give back to our industry and force competition. You don't have to like him. But you don't need to resort to wishing ill on anyone or becoming an angry mob.

Were flaws exposed? Yup. But if you want to beat Epik to a bloody pulp, you have to be ready to judge all others just as harshly. Or be a hypocrite.

So what is the common denominator? Open your eyes. The real problem here are the hackers. If they can take down the safety of the Chrome browser, all your texting, and amazon, how does the little guy stand a chance?

I'm not saying to love Epik or Rob. Free will prevails. But support your industry and give them a Fighting Chance. They know where they've gone wrong now. Let them try to fix it.

As for communication google tried covering up their issues. The texting service waited 5 years to let it be known. Rob has issued statements which I am sure are in accordance to what he's being advised to do. I can't speak for him. But as open and sharing, even verbose as he is I'm sure he would love to let us all know what he's thinking and what's going on. My guess is he's acting on the advice of counsel. Just a guess

I want to thank @internext for this very reasonable and kind statement.

I also want to take this opportunity to apologize to the domain community for this incident. Regardless of whether this incident was at Epik or a trusted 3rd party vendor, the buck stops here.

Cybercrime is an immense problem.

The news this week about many cybersecurity incidents involving numerous trusted brands and billions of unique personal records, serves as a reminder that cybersecurity is a global challenge.

We believe that blatant criminality will not be tolerated whether it be Google/Twitch, Facebook, Pandora Papers, Neiman Marcus or Epik.

Looking ahead, I believe the industry needs to come together. We don't have to agree on every topic. I hope we can all agree that truth matters.

As for Epik, we are hard at work making Epik a better company. We have a compelling mission. We have remarkable people. We have capable advisors. Most of all, we have loyal customers.

The protection of customer assets has always been our commitment. We are investing heavily in making sure that we stay true to that commitment in 2021 and beyond, while continuing to innovate and lead.

And so I thank you for your patience and support as we lay the groundwork for building an even better Epik!

Thank you.

Robert Monster
Founder and CEO
Epik Holdings Inc.

 

[koolishman]

Better late than never, Rob!

Thanks.

 

[DN Playbook]

@Rob Monster, thank you for making a statement without invoking God or politics. It is very welcome.

Just a couple of questions:

Since when were you aware that sensitive data was stored in plain text?

At what point did your in-house team have access to the source code? At least access was available to the database, correct?

The protection of customer assets has always been our commitment. We are investing heavily in making sure that we stay true to that commitment in 2021 and beyond, while continuing to innovate and lead.

How has this commitment changed in light of the hack? In other words, have you made or are intending to make any changes to the protection of your customer assets?