alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Future Sensors]

Where was the announcement that they'd be working with BugCrowd?

It was revealed in this thread.

https://www.namepros.com/threads/epik-had-a-major-breach.1252094/page-107#post-8419504

 

[bmugford]

As others will have pointed out, our bug bounty program was informal through email and our ticketing system. We absolutely did and do pay out many bug bounties over the years to ethical hackers.

As of earlier this year, we have been incubating a proprietary bug reporting system. It is not ready yet but we think it is mission critical enough to self-host it.

In the end, we went with a commercial solution since we would rather have hackers choose an ethical path, and we realize that their skills and time have value.

HackerOne is one we did consider for our formal bug bounty platform, but since they never replied to our inquiries, why we went with BugCrowd.

As for the mystery of the $444 deposited to your GoFundMe page, as I guess that mystery is unsolved for you despite the bread crumbs, here is a clue for what that was about.

Where was the announcement that they'd be working with BugCrowd?

See above.

 

[Future Sensors]

Believe me, if HackerOne doesn't answer your inquiries, something really special might be going on.

 

[internext]

Monster has an MO of trying to figure out if people are desperate and then try to leverage that. He's a bottom fisher, always searching for ways to take advantage of people.

Sorry your experience is the opposite of mine. When I told Rob of some problems I was having he lent me thousands of dollars and gave me a year to pay him back with zero interest. Because of him I was able to get out of a huge bind. Sorry this has nothing to do with the hack but neither did your comment.

Since I have paid him back he never attempted to leverage anything against me. In fact he even reached out to some high-dollar end users to help me close some deals. He never asked for anything in addition to his normal marketplace commission.

When I hear all of these stories trying to make him sound like a literal monster, I feel really bad because the guy has been nothing but great to me. Other than my personal experience I have no other knowledge or history with him

 

[Future Sensors]

Sorry your experience is the opposite of mine. When I told Rob of some problems I was having he lent me thousands of dollars and gave me a year to pay him back with zero interest. Because of him I was able to get out of a huge bind. Sorry this has nothing to do with the hack but neither did your comment

So the money is present, but not for security bounties.

 

[Future Sensors]

When I hear all of these stories trying to make him sound like a literal monster, I feel really bad because the guy has been nothing but great to me. Other than my personal experience I have no other knowledge or history with him

I absolutely believe that the people who belong to his inner circle (in any case, if you are a customer of the company) benefit from his generosity. Glad he was able to assist you.

 

[Future Sensors]

Will check with HackerOne why they didn't respond to the inquiries.

 

[internext]

So the money is present, but not for security bounties

I see your point but I don't necessarily agree with your assessment. It's kind of apples and oranges. I was facing jail and I've got a disabled teen daughter. And I'm her only provider and sole guardian. Don't know if you see the difference but that's as deep as I'm going to get into it.

Things are getting better in my life and in my daughter's life and I have a huge debit gratitude to pay Rob Monster

 

[Future Sensors]

I see your point but I don't necessarily agree with your assessment. It's kind of apples and oranges. I was facing jail and I've got a disabled daughter. Don't know if you see the difference but that's as deep as I'm going to get into it

Wish you strength. And yes, I see the difference. And respond to both sides accordingly.

 

[bmugford]

Sorry your experience is the opposite of mine. When I told Rob of some problems I was having he lent me thousands of dollars and gave me a year to pay him back with zero interest. Because of him I was able to get out of a huge bind. Sorry this has nothing to do with the hack but neither did your comment.

Since I have paid him back he never attempted to leverage anything against me. In fact he even reached out to some high-dollar end users to help me close some deals. He never asked for anything in addition to his normal marketplace commission.

When I hear all of these stories trying to make him sound like a literal monster, I feel really bad because the guy has been nothing but great to me. Other than my personal experience I have no other knowledge or history with him

I see your point but I don't necessarily agree with your assessment. It's kind of apples and oranges. I was facing jail and I've got a disabled daughter. Don't know if you see the difference but that's as deep as I'm going to get into it

That's cool, but at the end of the day Rob is the CEO, sole board member, and majority shareholder of a company. He has a responsibility to customers (and others) to protect their data.

In this case Epik failed. There is no way to sugar coat it. No amount of personal generosity will change that.

The security protocols and protections that were being employed were far below industry standards acording to cybersecurity and IT experts. This includes things like passwords and login information being stored in plain text, storing CC and CVV codes, and much more.

Epik either knew about these security issues ahead of time and ignored them or did not know. Neither option is better than the other and requires incompetence IMO in leadership and/or technical ability.

When you build on "shitty Russian code" what do you expect?

Thousands of customers and millions of others are forced to deal with the fallout from this (easily foreseeable) failure.

Brad

 

[internext]

That's cool, but...

see this is why I don't like to get involved in this thread. It's haywire.

Some just look for an excuse to twist what is said into yet another same old post they've already droned on and on about repeatedly throughout this topic. On and on it goes. Nothing new just the same old mantra repeated ad nauseam.

I was just trying to defend Rob against Derek's accusation that RM has an MO of taking advantage of people and leveraging his power over them. That just wasn't my experience that's all.

All the rest about his responsibilities has been repeated Non-Stop and I'm sorry that I inadvertently caused yet another post repeating the same thing over and over and over and over. Back to the shadows

 

[bmugford]

see this is why I don't like to get involved in this thread. It's haywire.

Everyone looks for an excuse to twist what is said into yet another ad nauseam repetition of their mantra.

I was just trying to defend Rob against Derek's accusation that RM has an MO of taking advantage of people and leveraging his power over them. That just wasn't my experience that's all.

All the rest about his responsibilities has been repeated Non-Stop and I'm sorry that I inadvertently caused yet another post repeating the same thing over and over. Back to the shadows

You are basically a character witness for Rob, which is fine.

A lot of people donate money, time, resources to charitable causes. You can also competently run a company at the same time. It is not an either/or zero sum game.

I am glad Rob helped you, but the real story is the data breach itself.

Brad

 

[internext]

I am glad Rob helped you, but at the end of the day the real story is the data breach itself.

Yes it was not an invitation for you to go on and on droning your mantra ad nauseam. I think you got that point across about 50 times by now since you've posted the same thing over and over.

If you bothered to read my post replying to Derek I said that this had nothing to do with the hack but that neither did his I was just defending the latest as-usual off topic slanderous comment that Derek was making.

 

[frank-germany]

Yes it was not an invitation for you to go on and on droning your mantra ad nauseam. I think you got that point across about 50 times by now since you've posted the same thing over and over.

If you bothered to read my post replying to Derek I said that this had nothing to do with the hack but that neither did his I was just defending the as-usual off topic slanderous comment that Derek was making.

great you talked about your personal experience with RM
thank you
nobody is evil all the time

but did you notice there was a severe incident at
Epik "Lords own" domain registrar?

how do feel about Epik? not RM.

 

[bmugford]

Yes it was not an invitation for you to go on and on droning your mantra ad nauseam. I think you got that point across about 50 times by now since you've posted the same thing over and over.

If you bothered to read my post replying to Derek I said that this had nothing to do with the hack but that neither did his I was just defending the as-usual off topic slanderous comment that Derek was making.

Well, you posted on a public forum. I don't need an invitation to make a post that is on topic to this thread.

Good points stay good no matter how many times you make them.

I will keep making the exact same valid points until they are satisfactorily addressed.

Brad

 

[bmugford]

You only were able to repeat your mantra by connecting it to my post which had nothing to do with your mantra. But since you have made yourself the official spokesman judge and jury of this thread I'll leave you to it. Enjoy ..all I know is I am less likely to post knowing that some narcissist is about to follow me and change the meaning of what I said because they have such a big ego they need to stroke.

By the way yes it gets old ...I'm not so stupid I need your opinion beat into the side of my head Non-Stop. Why don't you try to find a new schtick? It would be nice to come here and see something new

I guess I don't really care about Rob's charitable causes, like donating $444 to Kirtaner then taking public credit for it in this thread. That seemed transparent.

I care about Rob, the CEO of a domain company that has made a mockery of the domain world with their actions and refusal to address the valid concerns of the victims of the data breach or take any real accountability for how they got into that position in the first place.

Brad

 

[Future Sensors]

This thread. It's haywire.

I think we can all agree that this is a unique thread, with so many knowledgeable stakeholders participating. If you pay close attention, there is a lot to learn from all parties, including from our new members in this thread. Even if they're rude, I sometimes don't appreciate the tone either. Even if you do not immediately agree with their ideas and experience, or when they make it difficult by asking for more clarity repeatedly, it can be useful. Because it's needed, and because for years this has become the permanent home of the CEO to promote his company. A lot of very substantive, sometimes highly technical, suggestions have been made that are, or should be, really useful to Epik. Moreover, this thread has the most links to publications about the incident, if we don't count Twitter.

 

[Derek Peterson]

Sorry your experience is the opposite of mine. When I told Rob of some problems I was having he lent me thousands of dollars and gave me a year to pay him back with zero interest. Because of him I was able to get out of a huge bind. Sorry this has nothing to do with the hack but neither did your comment.

Since I have paid him back he never attempted to leverage anything against me. In fact he even reached out to some high-dollar end users to help me close some deals. He never asked for anything in addition to his normal marketplace commission.

When I hear all of these stories trying to make him sound like a literal monster, I feel really bad because the guy has been nothing but great to me. Other than my personal experience I have no other knowledge or history with him

Thank you for proving my point. He found a desperate person, gave them loan, probably collateralized with domains so no risk, got his money back and now has "friend". That sounds like a typical Monster deal.

 

[Derek Peterson]

see this is why I don't like to get involved in this thread. It's haywire.

Some just look for an excuse to twist what is said into yet another same old post they've already droned on and on about repeatedly throughout this topic. On and on it goes. Nothing new just the same old mantra repeated ad nauseam.

I was just trying to defend Rob against Derek's accusation that RM has an MO of taking advantage of people and leveraging his power over them. That just wasn't my experience that's all.

All the rest about his responsibilities has been repeated Non-Stop and I'm sorry that I inadvertently caused yet another post repeating the same thing over and over and over and over. Back to the shadows

All I know is what I have experienced and heard from others who experienced Monster. Many here have also known Monster for many years and they have opinions contrary to yours, not just me. Perhaps you should think of others.

Yes it was not an invitation for you to go on and on droning your mantra ad nauseam. I think you got that point across about 50 times by now since you've posted the same thing over and over.

If you bothered to read my post replying to Derek I said that this had nothing to do with the hack but that neither did his I was just defending the latest as-usual off topic slanderous comment that Derek was making.

I have not said one thing that is untrue. Please show me one thing I have said that is untrue or retract your accusation of slander, which, by the way, is actually slander. You should also know that many people have accused Monster of many things here and asked him many questions but he has not responded or even tried to defend one of them. You wanna know why? Because they are true.

"Slander is a legal term used to describe defamation or the act of harming a person or business's reputation by telling one or more people something that is untrue and damaging about them."

Ironically, Monster has "slandered" me many times to many people, including publicly on this very website, and privately to the owners of this website and others.

 

[johnn]

I think no one here hate RM as a person but no one like the way he's running the company as an CEO.
He is not even to keep the IT standard which caused the breach and explored thousand of customer data here.
He made a couple of posts here but all the content of the posts are either spamming or tell people how good a Christian he is and offering prays and hugs?
He did not say anything about how he will step up to fix the security problems.
If you can go to Church every Sunday but the other 6 days you messed up people life then you are a man with two faces. What do you pray in Church?