Epik Had A Major Breach


Silentptnr

At this point, what Epik needs is a crack team of cyber security experts, lawyers, and PR people working together on their press releases. lol

Most probably they have a team of experts working on overhauling and upgrading their security, the problem is that they don't have a PR team letting the public know on a daily basis about all the stuff that they are doing behind the scenes.

IMO
 
•••
Most probably they have a team of experts working on overhauling and upgrading their security, the problem is that they don't have a PR team letting the public know on a daily basis about all the stuff that they are doing behind the scenes.

IMO
I think that's what they want you to think, personally I wouldn't give them that much credit. No matter what this is a PR nightmare, but some transparency as to how they're going forward, specifically how they plan to secure their systems and avoid collecting information that they shouldn't to mitigate the extent of the damage next time, would be nice.
 
•••
The registrar shifts will be in the ICANN reports published from January 2022 to April 2022.

Regards...jmcc
You don't need to wait until 2022.

As I explained to you before, anyone can send 158.6 million TCP whois packets in under an hour, using a few IPs and a single $2 VPS.

Each packet is 65 bytes @ whois.verisign-grs.com:43
Code:
0  0  1  .  C  O  M  \r \n
30 30 31 2e 43 4f 4d 0d 0a


The answer packet is ~3kb.
Code:
49 41 4e 41 20 49 44 3a 20 31 33 33 31 0d
I  A  N  A     I  D  :     1  3  3  1  .


You just need the 158.6m com from the zone file. The same with other gtlds, you can get them on czds.

And for ngtld, it appears Epik has 61k https://ntldstats.com/registrar/617-Epik-Inc

The only ones missing would be cctld.

Anyone interested doesn't have to wait until 2022.
 
•••
some transparency as to how they're going forward, specifically how they plan to secure their systems and avoid collecting information that they shouldn't to mitigate the extent of the damage next time, would be nice.

Have any of the researchers (including you) contacted Rob's lawyer to ask him about this?

IMO
 
•••
Have any of the researchers (including you) contacted Rob's lawyer to ask him about this?
I have not reached out to Epik or Rob Monster regarding the hack. Several journalists have and they've gotten radio silence afaik. I don't think it should be my job to make Epik communicate with their customers about how seriously (or not) they take the security of their customers' data. Honestly I don't even care, I would never trust them anyway, I'm just pontificating about what they should do.
 
•••
I have not reached out to Epik or Rob Monster regarding the hack. Several journalists have and they've gotten radio silence afaik.

Well his lawyer might be the most rational person to reach out to for getting some answers.

I am not saying that you personally have to do this yourself, but Rob's lawyer could probably provide some answers if approached by researchers and journalists.

IMO
 
•••
Since Epik's leaks, I've had suspicious logins on my Twitter, Steam, Ubisoft and some not so known platforms, also a phishing e-mail from "my bank" (they got the bank's name right tho) that I need to change my home banking password. No damage or modifications so far (due to 2-FA I guess), also no modifications on the domain names.

What's ringing my bell, is that Paypal cut them like 2 years ago, and my bank called me last year to say that Epik LLC is not a trustful company and I should consider my ongoing transaction (luckily I used a virtual/disposable card). Apparently they knew something.

Always liked Epik, but Rob's attitude raised a lot of red flags in my head, his "god" references, narcissistic behavior, irrational rants and the lack of communication. Just transferred out all my domains, good bye Epik, and Rob, I hope you get your lesson out of this (you better start believing in your lawyers instead of Santa Claus).
Twitter, steam, ubisoft, damn these guys are scraping hard. Maybe they're looking more addresses or saved credit cards. That dumb breach is going to f*ck lots of people. Stupid, and neglected, dumb, f*cking breach.

Silly.

"We know who did it, how they did it, and when they did it. We also have a pretty good idea of why they did it and for whose benefit".
There he goes, brewing lemonade.
He's gonna come out saying it was a conspiracy against freedom and free speech. Lol.

All while forgetting the fact that epik is in deep sh*t.

Boat heading straight to niagara falls.
No art or skill will save.
Change the captain.
 
•••
The problem is really this is just not that feasible. People might use 50-100 different websites with logins, or more. What are you going to have a different

People are being advised here by others to change all the email addresses they use with various service providers/websites. If they are doing that anyway, they might as well supply a unique email for each service/website. Using a domain you control for email that is really easy.

Once you have set up the catchall on the domain you use for email, any unique email you create will send email to whatever email inbox you assigned to the catchall, for example, [email protected]

So if you sign up for marketing emails from, say, scarydomainmonster.com, you could on the spur of the moment supply them with [email protected] as your email and then anything they send you automatically goes to the inbox of [email protected].
 
•••
I am not saying that you personally have to do this yourself, but Rob's lawyer could probably provide some answers if approached by researchers and journalists.
Epik's legal team is free to communicate with the press at their leisure. I don't have Rob's attorney on speed dial.
 
•••
1Password recently added:
Masked Email
Email addresses as unique as your passwords
Protect yourself from data breaches and spam with a unique email address for each account.
If you start receiving unwanted emails you can easily identify which services shared, leaked, or sold your email address. And, if you need to, you can simply switch it off.
Separate all your online identities and manage it all from a single account.
https://1password.com/fastmail/
 
•••
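A sketch of how the per-service aliases discussed in the catch-all and Masked Email posts above can be used to spot which service's address has leaked (an added example, not code from any poster or from 1Password). The catch-all domain `inbox.example`, the alias table and the sample messages are constructed; `scarydomainmonster.com` is the placeholder name used in the thread.

```python
from email import message_from_string
from email.utils import parseaddr

CATCHALL_DOMAIN = "inbox.example"   # assumed: the domain with the catch-all mailbox
EXPECTED = {                        # alias local part -> the only domain it was given to
    "scarydomainmonster": "scarydomainmonster.com",
    "bookshop": "bookshop.example",
}

# Constructed sample messages (headers only matter here).
SAMPLE = [
    "From: News <news@mail.scarydomainmonster.com>\n"
    "Delivered-To: scarydomainmonster@inbox.example\nSubject: Sale\n\nhi",
    'From: "Your Bank" <alerts@bank-login.example>\n'
    "Delivered-To: scarydomainmonster@inbox.example\nSubject: Reset\n\nhi",
    "From: orders@bookshop.example\n"
    "Delivered-To: bookshop@inbox.example\nSubject: Order\n\nhi",
    "From: promo@spam.example\nTo: randomguess@inbox.example\nSubject: x\n\nhi",
]

def _split(header_value):
    """Return (local part, domain) of the address in a header, lower-cased."""
    local, _, domain = parseaddr(header_value)[1].lower().rpartition("@")
    return local, domain

def unexpected_senders(raw_messages, expected=EXPECTED, domain=CATCHALL_DOMAIN):
    """Map each alias to the sender domains that should not know it.

    The From header is spoofable, so a hit is a triage signal that the alias
    has spread beyond the service it was created for, not proof of who leaked it.
    """
    findings = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        # Delivered-To is set by the receiving server; fall back to To.
        alias, rcpt_domain = _split(msg.get("Delivered-To") or msg.get("To", ""))
        if rcpt_domain != domain:
            continue
        sender = _split(msg.get("From", ""))[1]
        owner = expected.get(alias)
        # Unknown alias: someone is guessing addresses on the catch-all.
        # Known alias: only the owning service (or its subdomains) is expected.
        if owner is None or not (sender == owner or sender.endswith("." + owner)):
            findings.setdefault(alias, set()).add(sender)
    return findings
```

An alias that shows up here with an unrelated sender can be retired and replaced at that one service without touching any other account.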
The only issue with this is that some websites have a habit of banning the use of these types of email addresses. I've seen this for public mailbox providers like Mailinator. Of course Mailinator is different in that all of the mailboxes are public, maybe they'll treat this kind of thing differently.
 
•••
Do you know anything about anarchist philosophy? Do you even know what an anarchist is? Moreover, you're simply wrong. Recent hacks have revealed links between far-right organizations and the US government, which I would argue absolutely constitutes "wrong doing". I would also argue that they've "helped" at least some people, such as that real estate agency that doesn't want to have a holocaust denier working for them.

Edit by moderator: aggressive sentence removed.

Anarchists are criminals.

10's of thousands of people have been affected. That's not Epik's fault, it was anonymous who stole the data and continues to hurt people.

Philosophy is b/s. Actions speak louder than words.

Edit by moderator: personal attacks removed
 
•••
their only crime is that of curiosity
 
•••
Epik's legal team is free to communicate with the press at their leisure. I don't have Rob's attorney on speed dial.

Data breach notifications were created after the first leak. The situation after the second leak is now even more serious and notifications must be adjusted and supplemented to reflect the current situation.


Fortunately, Epik does help "affected users". How?

Epik, please respond to their questions and concerns.
 
•••
You don't need to wait until 2022.

As I explained to you before, anyone can send 158.6 million TCP whois packets in under an hour, using a few IPs and a single $2 VPS.
Verisign might notice the uptick in those packets. It has been in the business for a few decades and regularly sees such attempts to mine the WHOIS. It also rate limits requests from single IP addresses and may block them. That means that more disposable IP addresses would be necessary.

Then there's the problem of a single dataset. All that your dataset would represent would be a single snapshot of domain names in your list. You would not know how many have been transferred out or transferred in to Epik. You also don't know how many registrations Epik has lost through deletions or gained via new registrations. This means that you have to create multiple datasets for comparison and do this for each gTLD you wish to check. From the legacy gTLD set, there are .COM/NET/ORG/BIZ/INFO/MOBI/ASIA/CAT/COOP/JOBS/MUSEUM/NAME/PRO/TEL/TRAVEL/XXX and the relatively inactive .POST. There are also over 1,100 new gTLDs.

You just need the 158.6m com from the zone file. The same with other gtlds, you can get them on czds.
This brings up another problem. The number of domain names under management by a registry is not always the same as those in the zone file. Almost every gTLD has a number of dark domain names. These are domain names without nameservers. The link below shows how the .COM and .NET are actually slightly larger than the zone files.
https://www.verisign.com/en_US/channel-resources/domain-registry-products/zone-file/index.xhtml

Some of those domain names are in their pending-delete phase when their nameservers are removed and they are about to drop within five days. Others are intentionally dark due to legal action or action by their registrants.

As for the CZDS, not all registries grant access to zone file requests and there are frequent outages while registries renew access requests every 90 days or so. It was a perfectly good specification but ICANN managed to break one of the most important aspects of it (continual access to the zone file unless the registry deactivated it).

Some of the registries, especially the new gTLDs, are moving away from the old WHOIS system to the RDAP system (https://www.icann.org/rdap). That gives the registries a lot more control over access than the WHOIS system.

The only ones missing would be cctld.
Some of the ccTLD registries make the gTLDs seem extremely open by comparison. Registries such as DENIC (the .DE ccTLD registry) don't publish anything other than the domain name status and the nameservers via WHOIS. EURid (the .EU registry) will provide the registrar via WHOIS but will provide more data via web-based WHOIS. Other registries don't even provide WHOIS. But the big problem with ccTLDs is that access to the zone files varies. Many ccTLD registries will not provide access to their zone files.

Anyone interested doesn't have to wait until 2022.
You can see the transaction reports for .COM here: (https://www.icann.org/resources/pages/com-2014-03-04-en) They are in comma separated variable format and should be readable as a text file or in any Open Source spreadsheet software. As you can see, they provide much more information than simply domain names under management for each registrar (number of nameservers, number of new registrations by years registered, number of renewals by years renewed, number of transfer gains, number of transfer losses, number of deletions, number of deletions for which the registrar did not have to pay (deleted grace)). They are statistics rather than actual domain names.

What people outside the domain name industry do not understand is that domain name registrations at a registrar level tend to be incredibly sticky. People, for reasons best known to themselves, tend to register domain names and keep them with the same registrar for the lifetime of the domain name. What has happened with Epik over the last few weeks is that some portfolio operators (they own large numbers of domain names) have changed their nameservers to those of Dan, Afternic, Bodis and others. They may not have actually changed the registrar for their domain names. Most of the domain names on Epik are for sale. These domain names do not have developed websites.

The latest (May 2021) .COM report only shows 701,454 domain names (in total) being transferred. Transfer from one set of nameservers to another is typically higher. Those kinds of transfers generally show up in the changed WHOIS record and in the zone files. Tracking all these changes, even with the registry reports, and understanding them is a complex business.

Regards...jmcc
 
•••
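To illustrate the point in the post above that a single domain count hides transfers and deletions, here is an added example (not jmcc's code) that breaks one registrar's month-over-month change into its flows. The column names are assumed to follow the ICANN per-registrar transaction report layout; the registrar, its IANA ID 9999 and all figures are constructed.

```python
import csv
import io

# Column names assumed to match ICANN's per-registrar transaction reports;
# only the 1- and 2-year add columns are included to keep the sample short.
HEADER = ("registrar-name,iana-id,total-domains,net-adds-1-yr,net-adds-2-yr,"
          "transfer-gaining-successful,transfer-losing-successful,"
          "deleted-domains-grace,deleted-domains-nograce,restored-domains\n")
# Constructed rows for a hypothetical registrar, two consecutive months.
PREV = HEADER + "Example Registrar,9999,1000,40,6,12,9,3,15,1\n"
CURR = HEADER + "Example Registrar,9999,965,30,5,10,60,4,20,0\n"

def _row(report_csv, iana_id):
    """Return the report row for one registrar, or None if it is absent."""
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["iana-id"] == str(iana_id):
            return row
    return None

def monthly_flows(row):
    """Break one month's row into the flows that move total-domains."""
    n = lambda key: int(row.get(key) or 0)
    flows = {
        "new": sum(n(k) for k in row if k.startswith("net-adds-")),
        "transfer_in": n("transfer-gaining-successful"),
        "transfer_out": n("transfer-losing-successful"),
        # Grace-period deletes are already excluded from net adds (assumption
        # from the report definitions), so only paid deletions are subtracted.
        "deleted": n("deleted-domains-nograce"),
        "restored": n("restored-domains"),
    }
    flows["net"] = (flows["new"] + flows["transfer_in"] + flows["restored"]
                    - flows["transfer_out"] - flows["deleted"])
    return flows

def explain_change(prev_csv, curr_csv, iana_id):
    """Compare two monthly reports: the snapshot delta versus its components."""
    prev, curr = _row(prev_csv, iana_id), _row(curr_csv, iana_id)
    if prev is None or curr is None:
        return None
    result = monthly_flows(curr)
    result["delta"] = int(curr["total-domains"]) - int(prev["total-domains"])
    # A non-zero residual means the reports do not reconcile and need a closer look.
    result["residual"] = result["delta"] - result["net"]
    return result
```

In the constructed data the count falls by 35, but the breakdown shows 35 new registrations and 10 inbound transfers offset by 60 outbound transfers and 20 deletions, which a zone-file or WHOIS snapshot alone would not reveal.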
The only issue with this is that some websites have a habit of banning the use of these types of email addresses. I've seen this for public mailbox providers like Mailinator. Of course Mailinator is different in that all of the mailboxes are public, maybe they'll treat this kind of thing differently.
I've never encountered a problem with this. Of course a lot of websites don't want you using a disposable email address for which anyone can access the inbox. Anyone who has access to your inbox can complete a password reset on most sites. As long as your inbox is private you'll be fine.
 
•••
Twitter, steam, ubisoft, damn these guys are scraping hard. Maybe they're looking more addresses or saved credit cards. That dumb breach is going to f*ck lots of people. Stupid, and neglected, dumb, f*cking breach.

Silly.


There he goes, brewing lemonade.
He's gonna come out saying it was a conspiracy against freedom and free speech. Lol.

The only thing silly is you mocking someone in one sentence, then proving his point in the next.

All while forgetting the fact that epik is in deep sh*t.


Change the captain.

So you agree, anonymous hurt 10's of thousands of people because they don't like Rob's politics or religion.
 
•••
So you agree, anonymous hurt 10's of thousands of people because they don't like Rob's politics or religion.

IT DOESN'T MATTER if they did it because of politics or for financial gain or if it was an ex-girlfriend seeking revenge. The issue is the security at EPIK and it is also the topic of this thread.
 
•••
IT DOESN'T MATTER if they did it because of politics or for financial gain or if it was an ex-girlfriend seeking revenge. The issue is the security at EPIK and it is also the topic of this thread.

My issue is anonymous, a criminal enterprise is primarily responsible. Everything Epik didn't do is secondary.
 
•••
My issue is anonymous, a criminal enterprise is primarily responsible. Everything Epik didn't do is secondary.

I didn't hire anonymous to protect my privacy nor did I trust them with my personal info.
 
•••
IT DOESN'T MATTER if they did it because of politics or for financial gain or if it was an ex-girlfriend seeking revenge. The issue is the security at EPIK and it is also the topic of this thread.

X is doing this thing where because he feels it's unfair to lump epik customers in with Rob's ideological ilk, he is trying to do it to the other side and he's whiffing.

He just needs to look up a few basic definitions of things to see why.
 
•••
X is doing this thing where because he feels it's unfair to lump epik customers in with Rob's ideological ilk, he is trying to do it to the other side and he's whiffing.

He just needs to look up a few basic definitions of things to see why.

And you are ignoring the true people responsible. You want to make this ideological, hence your attack on any contrary information or opinion.
 
•••
How many domains did you have at Epik? From your personal attacks on Rob and open dislike for Epik I find it hard to believe you hired Epik to do anything.


You seem to have a low, bigoted opinion of Epik customers.


How is this type of bigoted post allowed to stay up? Certainly not on topic of security.

I had one domain at epik as of a couple of months ago, by accident. I had forgotten about it but when I realized it was there I moved it away. I called in to have it unlocked and no one answered. A few minutes later Rob called me on my cell, "because he saw it was me", I said I don't want to talk to you.

I had moved all away many years ago when I realized that Rob Monster didn't care about user privacy (as a result of my exposure of his fake VPN) and his dishonesty.

I also had a credit card on file, which I am not happy about. Stupid of me to leave that active there.

You can't seem to get it through your head that I am a free speech absolutist, a born again Christian and probably further right than him, if I cared about politics, but I do not trust or respect Rob Monster and with good reason.
 
•••