alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Kirtaner]

How many undercover surveillance officers did you block while you were there?

Over 9000

 

[Molly White]

@Bravo Mod Team (or another mod, not sure if there's a way to ping you more broadly), is it possible for you to say why @shoulda9393 was just banned?

 

[MasterOfMyDomains]

@Bravo Mod Team (or another mod, not sure if there's a way to ping you more broadly), is it possible for you to say why @shoulda9393 was just banned?

Yes mods, tell us that. Whas that a duplicate account or we have to keep playing guessing games

Stay on topic, where is the list that was released on twitter with 24000 accounts or something like 60 pages back

 

[Evil.dll]

Yes mods, tell us that. Whas that a duplicate account or we have to keep playing guessing games

Stay on topic, where is the list that was released on twitter with 24000 accounts or something like 60 pages back

Posting that data on this forum would be like trying to decipher Mike Lindells PCAPs, except with actual evidence.

 

[Future Sensors]

Where is the list that was released on twitter with 24000 accounts or something like 60 pages back

You probably mean the Google spreadsheet with curated data from the breach, prepared by a researcher and shared with a link on Twitter. Twittter soon removed the tweet, but the spreadsheet is still in existence. It's derived work from the leaks. A lot of researchers are diving in to see how people, businesses and politics are connected, as can be seen on Twitter.

 

[MasterOfMyDomains]

I am asking for da link. I saw it posted here, but was on mobile and my ophone wouldnt download.

I just want to know how this hack has affected me.

 

[Future Sensors]

I am asking for da link. I saw it posted here, but was on mobile and my ophone wouldnt download.

I just want to know how this hack has affected me.

All PII data of customers, including data thought to be 'anonymized'.

 

[Evil.dll]

I am asking for da link. I saw it posted here, but was on mobile and my ophone wouldnt download.

I just want to know how this hack has affected me.

Check out haveIbeenPwned type in your email

 

[MasterOfMyDomains]

My emails have been hit, but one has been hit like 8 times over the years.
One i have no idea how it got nailed, i can find no link back to epik for that one

 

[Future Sensors]

Check out haveIbeenPwned type in your email

That's only one part, with the scraped whois data, afaik. But yes, 15MM people in that one, so chances are that you're in it if you do anything with domains. A lot of us are on this forum.

 

[Evil.dll]

Yeah. I have the torrent. I have seen the bulk of the unparsed stuff and some of the curated stuff. Posting it on here would require me to explain and redact more than I have time for. I feel I have explained things in the thread pretty well up to now. It is just draining to try and help people understand it and point out logical fallacies to those I am trying to help. Plus I can’t post links or pictures because I am probably on the verge of getting banned for subtly Rick rolling 9393. It is a lot of energy to put into helping people that have it all figured out. I appreciate your posts and you seem to have a good idea of the scope. I have to catch a flight to Denver to make sure people are properly mitigating risk by conducting adversarial simulations. I didn’t want to use the H word because really all it is is social engineering, which is something everyone in the breach should look out for. Make sure to carefully examine all emails, change all passwords, google vishing and smishing and prepare yourselves for the cybers. (To those who read this before I edited do not google smashing and under no circumstance whatsoever do not try to google Brony) you have been warned.

 

[Future Sensors]

I have to catch a flight to Denver

Stay secure. Thanks for your contributions, they are packed with relevant info to the trained eye. Do come back here.

 

[Evil.dll]

Stay secure. Thanks for your contributions, they are are packed with relevant info for the trained eye. Do come back here.

I am anxiously awaiting a swath of deleted posts by the time I reach my hotel. As much as this is a drain it is not half as toxic as Twitter and I can offer unsolicited advice to people that might actually need it. I wish I could be more help, but I feel disclosing too much might lead to a fun game of parallel construction.

 

[Future Sensors]

I am anxiously awaiting a swath of deleted posts by the time I reach my hotel. As much as this is a drain it is not half as toxic as Twitter and I can offer unsolicited advice to people that might actually need it. I wish I could be more help, but I feel disclosing too much might lead to a fun game of parallel construction.

A lot of good and neutral infosec and IH advice (like, nist and cert best practices) has been given to Epik in this thread. Now the question is if it gets routed to the right people within the organization.

 

[Evil.dll]

My emails have been hit, but one has been hit like 8 times over the years.
One i have no idea how it got nailed, i can find no link back to epik for that one

The amount of data that was stored, scraped and improperly secured has no doubt led to credential stuffing, concise wordlists for dictionary attacks, complex GPU cracking and maybe even neat python tools to simplify things. I miss the days of Solaris 2.0 when things were a bit easier because who the fark knew Unix in 2001. Now with Parrot or Arch, even Ubuntu there are toolboxes and automation. If Skiddy Ape can make the world believe JFK jr is gonna fly in on an American flag draped Pegasus and wipe out the blood sucking cabal without any discernible talent whatsoever we can safely assume there are 14 year olds that can change your Verizon shipping address and buy IPhones. This may seem like a rant, but this is related to this thread. If mod team wants evidence before deleting the post for the love of jackhammer Jesus, let me post links or pictures. Seriously though, white squall… Couldn’t of picked something from Scorsese or Kubrick?

 

[Future Sensors]

Yes, you definitely want a distro with all the forensics tools already on board.

 

[Bravo Mod Team]

not sure if there's a way to ping you more broadly

That's a good idea.

Currently, we have:

• Publicly: https://www.namepros.com/forums/namepros-community-help.9/
• Privately: https://www.namepros.com/support/
• Report links on content and profile pages

is it possible for you to say why @shoulda9393 was just banned?

We display a general indicator on accounts.

Here's the explanation for this one:

Account Closed (Disallowed): Indicates that the account is not allowed. Generally, it means the account is a duplicate/secondary account and either (1) they must upgrade it or upgrade their primary account to re-open it, or (2) the member is not allowed another account, regardless of upgrades, due to restrictions on one of their accounts.

Learn more.

Unless it's a matter of public interest (e.g., fraud), we respect their privacy and don't share their other account(s).

As far as we can tell, there is nothing nefarious about this member; they simply created another account for privacy reasons, allegedly afraid to challenge Rob without anonymity (and presumably the hackers, as well). We don't have reason to believe otherwise.

We hope that helps.

 

[Derek Peterson]

Rob's business was incompetent in their security practices. Hackers have most or all of the moral blame here, and will likely get prosecuted. Also, reported your post to moderators.

And on a note unrelated to you, those who knowingly spread misinfo about the Epik customer base, or are chummy with hackers, are also not good faith contributors here and their presence should not be tolerated.

Most people effected by the hack don't even know of this forum (or any domain forums), which is probably why bad faith people like conspiracy theorists, hackers, and epik customer misinfo spreaders (separate people often) have been setting up shop here and elsewhere.

Again, this isn't a matter of incompetence, it is a matter of FRAUD. Monster sold Epik as the Swiss Bank of Domains, promised that it was top notch security when in reality he has never even seen the code or had it reviewed. That is like a car manufacturer saying their cars are totally safe but they have never tested a single one, just had some engineer say it was safe.

He then got around people asking specifics about the security with over the top Christian talk and tons of personal promises and then when he was caught lying about his products he wages personal attacks, threatens, and even hires investigators to research and harass critics. It is literally a criminal network.

 

[Derek Peterson]

Unless it's a matter of public interest (e.g., fraud), we respect their privacy and don't share their other account(s).

As far as we can tell, there is nothing nefarious about this member; they simply created another account for privacy reasons, allegedly afraid to challenge Rob without anonymity (and presumably the hackers, as well). We don't have reason to believe otherwise.

We hope that helps.

Is there a way to get users to admit if they are employed or being compensated in ANY way for posting? As we all know it is not above Monster to have employees and shills stuff polls so having them post on Epik behalf is not much of a stretch.

 

[Bravo Mod Team]

Is there a way to get users to admit if they are employed or being compensated in ANY way for posting?

Probably not, but it isn't productive to continuously question participants' motives in a discussion; this isn't a poll. Their posts either have merit or they don't, and who is making them isn't relevant to that.

Please, for the millionth time, stop discussing each other in this thread.