alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[bmugford]

@Rob Monster, thank you for making a statement without invoking God or politics. It is very welcome.

Just a couple of questions:

Since when were you aware that sensitive data was stored in plain text?

At what point did your in-house team have access to the source code? At least access was available to the database, correct?

How has this commitment changed in light of the hack? In other words, have you made or are intending to make any changes to the protection of your customer assets?

Good questions.

Rob has a lot of questions he is going to have to answer. I have many myself, but starting with a basic one -

Why was the tweet alerting people about the data breach deleted?

Brad

 

[frank-germany]

I Most of all, we have loyal customers.

good one

The protection of customer assets has always been our commitment. We are investing heavily in making sure that we stay true to that commitment in 2021 and beyond, while continuing to innovate and lead.

oops

so when did start with that commitment exactly?


lead?
with what?

 

[frank-germany]

I Most of all, we have loyal customers.

good one

The protection of customer assets has always been our commitment. We are investing heavily in making sure that we stay true to that commitment in 2021 and beyond, while continuing to innovate and lead.

oops

so when did start with that commitment exactly?


lead?
with what?

 

[Molly White]

Why does your company continue providing services to Joey Camp, who you acknowledged in your September 16 video meeting is breaking Epik TOS by doxing and harassing private individuals? Why did Epik allow Mr. Camp's sites to remain up, despite many abuse reports, until you were confronted by a journalist in a format where you were unable to continue deflecting? Why did you not terminate all services to Mr. Camp at that point? Why do you allow your services to be used for doxing and harassment when you think the victims deserve it?

https://twitter.com/x/status/1441827503056826368

Do you plan to acknowledge that you instructed Camp to dox me and my family? Was posting a photo of a young child in my family wearing a bathing suit at your instruction too or did Joey Camp just throw that in as a freebie? How about sending my dox and those of my family to individuals known to be violent? Defaming me as a drug addict? Threatening that he was sending people to enter my home?

How about defaming and doxing my parents, who had no idea who you are and no involvement in my encyclopedia writing, which is apparently what has sparked this years-long campaign of intimidation and harassment by you and your company (despite my work being meticulous, and despite you never pointing to a single piece of my work that is not properly sourced despite multiple good-faith invitations from me for you to do so). My parents, who have done nothing aside from raising me very well, such that I am not intimidated by men such as yourself and Mr. Camp? But they deserve to be doxed by your lackey as well? And you're comfortable endangering them by providing services to Mr. Camp so that he can continue to disseminate dox and defamation?

I assume you've been very busy dealing with this breach, so I understand some delay in answering me. But l will continue to seek these answers. What you and Camp have done to me is mild compared to what he has done to many other people he has victimized (and what you have a direct hand in, due to your not only allowing his content to remain online, but sharing links to his site and directing him to target various individuals), but we all deserve an explanation.

 

[DN Playbook]

@Rob Monster, instead of turning your public statement into a PR spin, you have to answer the tough questions.

 

[bmugford]

Why does your company continue providing services to Joey Camp, who you acknowledged in your September 16 video meeting is breaking Epik TOS by doxing and harassing private individuals? Why did Epik allow Mr. Camp's site to remain up, despite many abuse reports, until you were confronted by a journalist in a format where you were unable to continue deflecting? Why do you allow your services to be used for doxing and harassment when you think the victims deserve it?

https://twitter.com/x/status/1441827503056826368

Do you plan to acknowledge that you instructed Camp to dox me and my family? Was posting a photo of a young child in my family wearing a bathing suit at your instruction too or did Joey Camp just throw that in as a freebie? How about sending my dox and those of my family to individuals known to be violent? Defaming me as a drug addict? Threatening that he was sending people to enter my home?

More very good questions...

You can't properly move forward with just some vague statement, until you properly address specific concerns and allegations. At this point, a lot of this stuff is well passed the allegation stage and appears to be very well documented.

Brad

 

[Kirtaner]

Do you intend to make additional breach announcements regarding the second and third incidents? Are you aware that the source code for every single one of your Epik Labs projects is now in the public domain?

 

[FiniteCrystal]

Talking about other recent hacks and fear-mongering about how "cybercrime is an immense problem" is not going to make your massive security problems go away, it is Cybersecurity Awareness Month, after all. Can you give specific details on what things your company is doing to improve security practices, reduce the amount of sensitive data collected to mitigate the damage of a potential future hack, and otherwise prevent something like this from happening again? It feels like you're trying to deflect from the issue of poor security at Epik by pinning the blame on cybercriminals, but hackers aren't going away any time soon and it is your responsibility as the company's CEO and acting CTO to make sure that you have a competent security team that can ensure the resiliency of your systems and protect your data.

 

[Kirtaner]

Epik, I'd imagine (lol) doesn't have the best cybersecurity team, if they even have one at all. Even after the hack I don't expect they could find anyone competent willing to work for them. I certainly wouldn't let that grace my resume.

Nobody wants to work at a place all over the news for harbouring terrorism. His company is a Western pariah.

 

[Derek Peterson]

Epik, I'd imagine (lol) doesn't have the best cybersecurity team, if they even have one at all. Even after the hack I don't expect they could find anyone competent willing to work for them. I certainly wouldn't let that grace my resume.

Nobody wants to work at a place all over the news for harbouring terrorism. His company is a Western pariah.

I think the focus should be on Epik LYING. They, Rob Monster, have made multiple false statements and claims about their products and services. This isn't so much a matter of incompetence as it is a matter of fraud.

1) He claimed to be the Swiss Bank of domains with unmatched security. How can he make such a claim if he nor any of his in house dev team were even aloud to review the code?
2) He claimed to have build a fully secure VPN. He was white labelling another service so how can he make such a claim?
3) He claimed to have secure and private hosting but he was reselling AWS.

The list goes on but arguing about politics and religion is dumb and will only help Epik. Focus on proving that he lied and committed fraud and other such crimes, which he did, and even hired people to research critics and try to silence them like some mafia kingpin .

 

[marijuanadomain]

Epik has to file for bankruptcy sooner than later...
Their reputation is being ruined.
So who is responsible?

 

[oldtimer]

And so I thank you for your patience and support as we lay the groundwork for building an even better Epik!

Thanks for coming here to address the concerns made by the domaining community. It's good to see that you have found the courage to rise up to all the challenges that are facing Epik.

I only have couple of questions:

Is the new Epik going to be a Force For Good by protecting the right of Free Speech for all law abiding people equally across the board and do you personally promise not to retaliate against anyone who is exercising their right of free speech if they have opposing beliefs and views from you specially if they are legitimately criticizing you or Epik.

And

Can you as the CEO and the person who is going to set the tone for the new Epik promise that there will be no discrimination by you and Epik against any of the customers, clients, employees, vendors, or businesses associates (or anyone else for that matter) on the basis of race, religion, national origin, color of skin, disability, gender, or gender preferences.

Hope to see the new and improved Epik soon.

 

[topdom]

I think Swiss Bank thing is related to domain loans (not sure about it).

Epik has the best customer service via chat among all companies I know.

Clearly Epik has enemies and was attacked, and any site can be hacked, and ones
with enemies would be more likely to be attacked.
But I can't say anything about whether Epik did enough to protect customer data.

But whatever you do you can't control everything. For example: keystrokes
may be recorded, employees may login via their smartphones with closed-source
OS which are of course not secure, and even if login system is secure , keystroke
loggers can't be avoided. Some employees can be bribed,.. if the enemy has bigpocket.
A smart phone may receive a message,.. and it can install a spy even if the message is not opened.
When passwords are typed, cameras nearby, such as device's own camera can watch it,..
and the screen can have its own secret camera.
...
Saying we are very secure is like, saying , noone can kill me. It is like an invitation.
..........
I'm not a loyal Epik customer, but I can move domains to Epik, and at least for 60 days noone can steal them. I'm not loyal to any business. Also how can you possibly be sure others were not hacked... if the hacker doesn't announce it.

 

[Derek Peterson]

I think Swiss Bank thing is related to domain loans (not sure about it).

Epik has the best customer service via chat among all companies I know.

Clearly Epik has enemies and was attacked, and any site can be hacked, and ones
with enemies would be more likely to be attacked.
But I can't say anything about whether Epik did enough to protect customer data.

But whatever you do you can't control everything. For example: keystrokes
may be recorded, employees may login via their smartphones with closed-source
OS which are of course not secure, and even if login system is secure , keystroke
loggers can't be avoided.
A smart phone may receive a message,.. and it can install a spy even if the message is not opened.
When passwords are typed, cameras neaby, such as device's own camera can watch it,..
and the screen can have its own secret camera.
...
Saying we are very secure is like, saying , noone can kill me. It is like an invitation.
..........
I'm not a loyal Epik customer, but I can move domains to Epik, and at least for 60 days noone can steal them. I'm not loyal to any business. Also how can you possibly be sure others were not hacked... if the hacker doesn't announce it.

Nice obfuscation. The problem is that epik and Rob have told many flagrant lies and threatened people to cover up those lies and false claims. Epik's utter incompetence is due to a core lack of concern for users and others.

When was the last time you communicated with Rob Monster or any Epik representative? (Your response may be used against you in a court of law as co-conspirator of fraud, etc)

 

[marijuanadomain]

Epik will have a welcome promotion to attract customers like 99cent registration or transfer domains?

 

[oldtimer]

When was the last time you communicated with Rob Monster or any Epik representative? (Your response may be used against you in a court of law as co-conspirator of fraud, etc)

I honestly don't want to get involved in your personal dealings and vendetta with Rob or Epik,

I am not affiliated, associated, involved, or beholden to anyone (including Rob or Epik). As an impartial and unbiased observer who has a few domain names at Epik I am more interested to see Rob do the right thing and be held accountable for how Epik is going to treat and take care of their customers going forward.

IMO

 

[tonyk2000]

Guys, Rob was following this thread. I bet he read all 100+ pages. He finally posted something. A good sign. Rob also elected not to address a number of hack-related questions. Why? We do not know. Maybe the law firm instructed him to. Maybe he is not yet ready to. Maybe he is preparing the 2nd post (a few screens, why not). In any case, asking and reasking the same questions makes no sense at this time. Just imho... Let's be practical.

 

[topdom]

??? Epik says we are secure,.. but they were hacked, ..so they lied? This may mean being on hacker's side.

I'm not aware of their lies. I don't discuss security with them. Maybe they are not as good as they claim, but I'm not in a position to evaluate such claims. I just don't know enough.

 

[Derek Peterson]

I honestly don't want to get involved in your personal dealings and vendetta with Rob or Epik,

I am not affiliated, associated, involved, or beholden to anyone (including Rob or Epik). As an impartial and unbiased observer who has a few domain names at Epik I am more interested to see Rob do the right thing and be held accountable for how Epik is going to treat and take care of their customers going forward.

IMO

Right, but you didn't answer my question. When was the last time you communicated with Rob Monster or any Epik representative? (Your response may be used against you in a court of law as co-conspirator of fraud, etc)

 

[topdom]

Right, but you didn't answer my question. When was the last time you communicated with Rob Monster or any Epik representative? (Your response may be used against you in a court of law as co-conspirator of fraud, etc)

Why ask such a strange question.
I'm just one of their customers (not even a loyal one), nothing else.

 

[topdom]

Right, but you didn't answer my question. When was the last time you communicated with Rob Monster or any Epik representative? (Your response may be used against you in a court of law as co-conspirator of fraud, etc)

What you are saying above sounds like:

"We have records of all of Epik's communication (online and offline), and we want to know exactly who you are".

I refuse to answer this nonsense question, but even if I did, my answer would be totally useless.

 

[oldtimer]

Right, but you didn't answer my question. When was the last time you communicated with Rob Monster or any Epik representative? (Your response may be used against you in a court of law as co-conspirator of fraud, etc)

I answered your question already out of courtesy, but I will not allow you to use any bullying tactics to silence my voice.

I am not and have been not in any direct communications with Rob or Epik related to the ongoing problems.

I personally don't approve of the way that you are going about this situation. If you have a legitimate case where you can prove that you have been wronged by Rob or Epik then you need to present your case in a court of law instead of repeating the same accusations over and over here in this thread and trying to intimidate others.

IMO

End of commutation.

 

[Derek Peterson]

What you are saying above sounds like:

"We have records of all of Epik's communication (online and offline), and we want to know exactly who you are".

I refuse to answer this nonsense question, but even if I did, my answer would be totally useless.

I'll give you double whatever Rob or rep gave you if you tell the truth and give proof. DM me to discuss.

 

[Derek Peterson]

I answered your question already out of courtesy, but I will not allow you to use any bullying tactics to silence my voice.

I am not and have been not in any direct communications with Rob or Epik related to the ongoing problems.

I personally don't approve of the way that you are going about this situation. If you have a legitimate case where you can prove that you have been wronged by Rob or Epik then you need to present your case in a court of law instead of repeating the same accusations over and over here in this thread and trying to intimidate others.

IMO

End of commutation.

I am not trying to bully you in any way and I am certainly not trying to silence you, as Rob has done to this entire thread. I simply asked if you have spoken with him or anyone at Epik recently and your response was very vague and now you give very suspect caveat of, "related to the ongoing problems". I think it is safe to assume that you have spoken with them and I find such a coordinated spin very dishonest. #masterbucks

 

[marijuanadomain]

Where is Rob,he is MIA, VERY UNUSUAL for him to be silent for so long.