alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[FernandoBMS]

Wow, this thread got salty, unlike Epik's MD5 hashes

 

[jmcc]

Wow, this thread got salty, unlike Epik's MD5 hashes

Yep. But given the scale of the compromise, salts for MD5 hashing wouldn't have made much difference. As outlined above, the impact on ordinary Epik customers is now becoming visible.

Regards...jmcc

 

[johnn]

Nothing change.
He will not answer the questions about the incident.
He just keep advertising his company, insert the links and nonsense images like Lemonade, Popcorn, Batman, etc... like a little KID.
This is the behavior of an CEO of The BEST TECHNOLOGY Company on the Internet.
I am not sure about him anymore unless he has a mental problems?

 

[Windoms]

We have more domains under management today than on September 13, and without any new promo

 

[Joe123]

I don't know if it is linked or a coincidence but since the data dump, my email's spam service has caught far more spam, sometimes dozens of emails a day. And my email address is likely only included in the dump because Epik scraped my whois.

 

[koolishman]

Yes.

Lots of spam mails since the hack.

 

[tonyk2000]

Confirmed. More spam. Including nigerian princes. To all emails (whois scraping).

 

[Windoms]

We have more domains under management today than on September 13, and without any new promo

Seriously why would anyone transfer domains into a boat whose hull is made of come-and-hack-me-type-of-meat sinking in an ocean full of sharks and whose occupants are deemed to be nazis and child molesters?

(With sharks having done 3 assaults)

 

[Jurgen Wolf]

Some "hacker" spammed me today regarding Pegasus spyware etc.
And requested 1 BTC from me.

 

[tonyk2000]

Trustratings (powered by Epik), was mentioned in this thread earlier. I checked their score with Trustratings (powered by Epik):

https://trustratings.com/trustratings.com

Does not look good.

 

[tonyk2000]

Seriously why would anyone transfer domains into a boat

Transfer-in .com promo ($6.99)?

 

[johnn]

Transfer-in .com promo ($6.99)?

you get what you paid for.

 

[SirDrago]

Transfer-in .com promo ($6.99)?

That's souly the price but here is the true cost...

According to the hackers, the contents include:

• Domain purchases
• Domain transfers
• WHOIS history
• DNS changes
• Email forwards, catch-alls, etc.
• Payment history
• Account credentials
• Over 500,000 private keys
• An employee's mailbox
• Git repositories
• /home/ and /root/ directories of a core system
• Bootable disk images

 

[Jurgen Wolf]

Some "hacker" spammed me today regarding Pegasus spyware etc.
And requested 1 BTC from me.

And it was delivered to my Inbox, so even Google didn't recognize this spam.

 

[DN Playbook]

I signed up to an account but never conducted any business. However, my email has been exposed:

Have I Been Pwned: Check if your email has been compromised in a data breach

"In September 2021, the domain registrar and web host Epik suffered a significant data breach, allegedly in retaliation for hosting alt-right websites. The breach exposed a huge volume of data not just of Epik customers, but also scraped WHOIS records belonging to individuals and organisations who were not Epik customers. The data included over 15 million unique email addresses (including anonymised versions for domain privacy), names, phone numbers, physical addresses, purchases and passwords stored in various formats."

It likely led to whois scraping of my domains at other registrars. My mistake was to use the same email I use for other registrars and whois info. Huge mistake.

 

[Jurgen Wolf]

I receive spam to my account email...
For WHOIS another email is used.

 

[Windoms]

My mistake was to use the same email I use for other registrars and whois info. Huge mistake.

Havent thought about that one but good idea moving forward.

 

[DN Playbook]

And it was delivered to my Inbox, so even Google didn't recognize this spam.

If your name and other personal data has been exposed and used in the spam email then Google will think it came from someone who knows you.

 

[Jurgen Wolf]

This sender didn't mention my name or personal details, he just sent this long letter to my Epik account email...

 

[br1ll1on]

And it was delivered to my Inbox, so even Google didn't recognize this spam.

if the sender ip is not blacklisted, the "from" email has no previous spam reports and there are only one to two links( or no links) in the email, google can't recognise as spam