NameSilo

Epik May Have Had A Major Breach

Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021 at 6:17 PM

Replies:
448
Views:
23,610

  1. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,712
    Likes Received:
    10,376
    I'm sure 1000%, that all these technical aspects are absolutely secondary in EPIK FAIL story.
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,340
    Likes Received:
    4,001
    Epik might want to:

    1) Shut everything down in the meantime. The sky would not fall. Why? There is a possibility of unauthorized transfers away...

    2) Hire external security (server management, etc.) company and ASAP.

    3) Clean/upgrade/etc all the systems and restore the service with obligatory passwords change, as well as 2fa reset, after next login.

    4) Send email to all customers, but, for god's sake, without mentioning politics or anything similar.

    5) Since Epik earned a certain level of trust (not with all the domaining community, but it is irrelevant in this context) - the honesty would be the key to survive. Some members right in this thread support epik, some don't, some like it, some don't, but it should be obvious enough that "disappeared" domaining-friendly registrar would not benefit the industry as a whole in any aspect.
     
  3. eternaldomains

    eternaldomains Established Member

    Posts:
    441
    Likes Received:
    229
    Somehow, it's, like, impossible, for them to separate their announcements from politics without activating a death curse.
     
  4. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    13,754
    Likes Received:
    25,636
    Yeah, this is a key point. We are not dealing with a company worth billions of dollars.
    They have massive exposure, especially when it comes to the domain investing community.

    It would be in their best interest to release some kind of update. It is not believable in my view that law enforcement would be stopping them from issuing a basic statement.

    The longer it goes on, the worse it is going to get.

    Brad
     
    Last edited: Sep 15, 2021 at 4:04 PM
  5. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,712
    Likes Received:
    10,376
    They act like nothing happened or fake news. This tactics was chosen.
    ~3h ago I have received reply in my yesterday's ticket: As far as I'm aware, we are not being attacked by DDoS.
     
    Last edited: Sep 15, 2021 at 4:04 PM
  6. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    13,754
    Likes Received:
    25,636
    I don't think the head in the sand approach is going to be a winning strategy here.

    This story is starting to make it on more mainstream news sites -
    https://www.jpost.com/diaspora/anti...ata-from-far-right-webhost-epik-report-679573

    Brad
     
    Last edited: Sep 15, 2021 at 4:06 PM
  7. Paul

    Paul CTO, NamePros CTO VIP Gold Account

    Posts:
    2,059
    Likes Received:
    3,508
    I think you're probably expecting a bit much from such a small company this early in the game. I'm not saying their response--or lack thereof--is reassuring, but it's par for the course. Most people involved probably don't even know the difference between a DDoS attack and a data breach.

    That's not to excuse their lack of security or preparedness, but we've seen similar behavior in the industry from other, less controversial companies.
     
  8. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    13,754
    Likes Received:
    25,636
    When you are a small company with so much exposure to one community, it is normally in your best interest to say something.

    No one is asking for some detailed analysis of every aspect of this hack. They just want some type of update, which I think is more than reasonable.

    Brad
     
  9. NickB

    NickB it's a mystery VIP

    Posts:
    5,465
    Likes Received:
    13,047
    Surely the decision makers in any company no matter what the size would be able to make an announcement no matter how small to show people they are working on it?
     
  10. Magul

    Magul White Bread is Head VIP ★★★★★★★★★★

    Posts:
    2,564
    Likes Received:
    1,164
    Epik is innovative and innovation improves bottom line for the industry.
     
  11. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,712
    Likes Received:
    10,376
    So slowness from nothing...
    Just overload from customers.

    According to my previous tickets and LiveChat - DDoS events are not rare on Epik, and were always confirmed if any.
     
  12. iAdam

    iAdam iadam.com Gold Account ★★★★★★★★★★

    Posts:
    640
    Likes Received:
    1,411
    Probably they are still investigating, and they can't make announcement if they don't know what exactly happened.
     
  13. Paul

    Paul CTO, NamePros CTO VIP Gold Account

    Posts:
    2,059
    Likes Received:
    3,508
    Of course, but incident response is a tricky beast. It's overwhelming at best. Even the most prepared teams have to prioritize and end up making decisions that don't necessarily look great in hindsight.

    There's always a human element, and as someone who's had experience being paged at 4 AM while on vacation because some random person decided that would be a great time launch an attack, I certainly empathize with what they're going through right now. Again, that's not to say I condone the silence or their security practices, but it's a tough situation to be in.

    Keep in mind the actual attack in the spotlight here wasn't a DDoS attack, and it's important not to conflate the two. Denial of Service is just that: users have trouble accessing a service. It doesn't mean data has been leaked. That's not what appears to have happened here.

    When enough real people visit a website, it has the same effect as a DDoS attack. If a lot of people are trying to log in right now, it will be indiscernible from the users' perspective: the site will slow down and fail to function properly. That's not an attack; that's just a side effect of everyone panicking.
     
  14. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,712
    Likes Received:
    10,376
    Were troubles...
    Yesterday were even periods of up to 20 minutes, when Federated Identity login page didn't load at all.
     
    Last edited: Sep 15, 2021 at 4:31 PM
  15. xdomainer

    xdomainer Top Contributor VIP ★★★★★★★★★★

    Posts:
    1,913
    Likes Received:
    699
  16. Kenny

    Kenny Top Contributor VIP Gold Account ★★★★★★★★★★

    Posts:
    14,898
    Likes Received:
    16,853
    @Paul Thanks for stepping up and letting us hear from your trusted perspective. There will be a lot of BS from both sides on this and hearing it from someone without an agenda helps.

    Peace,
    Kenny
     
  17. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,712
    Likes Received:
    10,376
    And I noticed these troubles even BEFORE this thread was started...
     
  18. NickB

    NickB it's a mystery VIP

    Posts:
    5,465
    Likes Received:
    13,047
    The Telegraph is a conservative newspaper - if you had said the Guardian.......maybe
     
  19. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,712
    Likes Received:
    10,376
    Use Google...
    This is just one publication from MANY sources...
     
  20. Paul

    Paul CTO, NamePros CTO VIP Gold Account

    Posts:
    2,059
    Likes Received:
    3,508
    Let's not let this devolve into yet another flame war over Epik or politics. Given the circumstances, that would be entirely unfair to everyone involved. Notable sites in our industry have been getting hacked more and more often, regardless of their political alignment or lack thereof. Pointing fingers and debating motive does not help us move forward.

    Moderators, please take note.
     
  21. DN_Hunter

    DN_Hunter Top Contributor VIP ★★★★★★★★★★

    Posts:
    1,223
    Likes Received:
    734
    Were there any reports that Masterbucks data was leaked?
     
  22. VadimK Iberica

    VadimK Iberica Established Member

    Posts:
    687
    Likes Received:
    1,162
    I agree. I was changing some prices yesterday and every time it was taking like 20 sec to update the price, while before the change was in an instance, less than a second.
     
  23. OmarVG

    OmarVG Top Contributor VIP

    Posts:
    3,007
    Likes Received:
    4,207
  24. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    11,712
    Likes Received:
    10,376
    ^
     
  25. Paul

    Paul CTO, NamePros CTO VIP Gold Account

    Posts:
    2,059
    Likes Received:
    3,508
    It was on Hacker News yesterday, and probably on 4chan before that. Of course, it's possible there's also an ongoing DDoS attack, but it makes little practical difference.
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
NameWorth
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...