
information Epik and your plan


johnn

I know there are a lot of members here who have accounts with Epik, so the information from you may help other members.

1. How many names do you have with Epik?
2. Are you worried, and what's your plan NOW and when the hacking is OVER?
 
•••
What we know about this breach keeps getting worse and worse.

I'm not going to regurgitate everything here, but anyone who's ever used Epik should seriously follow along the main thread:

https://www.namepros.com/threads/epik-may-have-had-a-major-breach.1252094/

Essentially, it's not just your Epik account you should be thinking about. It's being claimed that even failed login attempts were stored in plaintext, and now leaked to the public, meaning that not just your Epik password is likely being passed around - but also passwords you may use for any number of other services and apps as well (think bank accounts, crypto accounts, email addresses, streaming services, restaurant apps, etc etc etc).

The potential damage has barely even started. This information is just starting to make the rounds.
 
•••
To me Epik is still the best registrar, I will continue with them..
 
•••
Just transferred out many of my domains that were on Epik over to another registrar.
Called my bank to cancel my debit card and have a new one with entirely new numbers mailed to me.
Changed all my passwords (using 1Password). It's been an incredible pain in the a**. A long time ago I remember them advertising themselves as the "Swiss Bank of Domains" and I thought I'd picked a secure registrar, boy was I wrong...
 
•••
Are you doing anything about it? Are you canceling your cards?

Yes...without hesitation. In the last 3 years I have had to cancel cards at one place or another due to a data breach 4 times. Not a big deal, just part of the reality of existing in a digital world filled with criminals.
 
•••
I prefer domain registrars that don't require me to sign up to credit monitoring agencies.
Unfortunately, I was directly impacted by this security breach, had to cancel my debit card, and am actively involved with all the major credit reporting agencies to be on the lookout for fraud.

Aside from the credit monitoring program, Epik has offered nothing to their customers as compensation for the incredible inconvenience this has caused. I think it would have been a gesture of goodwill for them to offer something to customers who were directly impacted while also laying out a roadmap for immediate and future steps they plan on taking regarding their security somewhere accessible from the homepage on Epik.com. It seems Epik is hesitant to publicly acknowledge the hack on their homepage, instead emailing existing customers.

I think stepping up and 'owning' their mistakes is the right path forward.
I suggest Rob write a detailed blog post + security road map and link to it from the header on Epik.com.
 
•••
I made the choice earlier this year to make Epik my 'go to' registrar for almost all of my domain names. I have no political affiliation with the far-right, and furthermore I don't pick my registrar based on politics. I legitimately found Epik to have some of the lowest prices, an easy-to-use interface, good support, and what I thought was good security. The latter of course now in question.

I'm extremely concerned and am actively looking to move ALL of my domains away from Epik. I often relied on landing pages and Epik Marketplace for sales but regardless of how the situation pans out, potential buyers' trust in Epik is going to be at an all-time low after this press coverage and media surrounding Epik.

I think it would be a bad business decision to continue trying to sell through Epik due to reputation issues alone, even if it turns out that the hack wasn't as serious as Anonymous claims. The damage to their credibility is done. If further investigation finds that Epik truly did store information in plain-text then they have much bigger problems coming.
 
•••
I am going to start moving all my domains to another registrar. Already moved some of the most important ones. I really liked Epik's platform, but there is too much drama with DAN, PayPal, the hack, the religious email, the fights..

His prayers will not keep my hacked data safe - good IT security would have..
 
•••
LINK: https://www.dailydot.com/debug/epik-hack-far-right-sites-anonymous/

"A Linux engineer tasked with conducting an impact assessment on behalf of a client who uses Epik’s services told the Daily Dot that the breach was one of the worst he had ever seen. The engineer did not have permission to speak about the breach by his employer and was granted anonymity by the Daily Dot.

“They are fully compromised end-to-end,” they said. “Maybe the worst I’ve ever seen in my 20-year career.”

The engineer pointed the Daily Dot to what they described as Epik’s “entire primary database,” which contains hosting account usernames and passwords, SSH keys, and even some credit card numbers—all stored in plaintext.

The data also includes Auth-Codes, passcodes that are needed to transfer a domain name between registrars. The engineer stated that with all the data in the leak, which also included admin passwords for WordPress logins, any attacker could easily take over the websites of countless Epik customers.

The Daily Dot was unable to confirm the claims made in the press release by Anonymous that every single one of Epik’s customers were exposed in the breach.

Analysis suggests that hacked data goes up until Feb. 28, 2021. The data’s release comes just days after hackers aligned with Anonymous defaced the official website for the Republican Party of Texas over the state’s new restrictions on abortion."
 
•••
As I was a huge fan of Epik... I think I will be moving my domains back to Namesilo/Dynadot.. in due time.

I really hate when businesses want to feed in on politics and personal views... Just like GoDaddy.

**Update: I removed 2 important domains; the others I will probably wait to sell or transfer when close to exp.
 
•••
The 'hack' either occurred prior to March (6 months ago) or it was a 'hack' of data that was stored at a supplier/2nd site. Either way, any 'damage' that would have happened including stolen names would have and/or should have happened well before now.

Codes have been changed, more than once, and if your names do not stay locked always (regardless of who your registrar might be) you probably should not be dabbling in the art of domain investing.

Until/unless someone can legitimately report he/she has had a name stolen I'm not going to worry too much.

Back to the first paragraph, if the data was hacked 6 months ago, why did the hackers wait so long to make a production about it? Were they trying to extort Epik in the meantime or did they just manage to get access to off core storage?

Epik should only allow transfers out from here on via not only auth codes but by emailing the owner to double confirm the transfer by clicking on the provided link.
 
•••
Epik and your pain.
The most correct thread title here.
 
•••
My plan is to stay away from Epik, at least for the time being. I pretty much stopped using them when Afternic dropped the 'swiss bank of domains' from the fast-transfer list.
That was the last straw for me. But like a fool I thought the worst was over and could reg some names that I didn't care about FT. Now this finally shows it's never going to get better.

It's not the breach that bothers me. It's that the breach exposed how shitty Epik is at security and protecting customers.
 
•••
Security must be the A and Z for any registrar. For any company, not only registrars, actually. All the innovation should come as second priority. What to do with the innovation when my cc is leaked?
 
•••
I have stepped back from domaining, but just before I did start using Epik and had been impressed with their platform. I'd assumed that if I got back into it, I'd use them. That won't be happening now.

As a platform/ backend developer, I've always sensed they are rushing. A LOT. This falls right into my experience backyard.

By comparison, other registrars are slow and testing each comma before they release a change (for example I help Dynadot with features and certain improvements there came from me, such as the bulk search result download for example).

So I had a deep inner feeling that everything is built in haste. You can't build that fast a system so complex.

Turns out my gut feeling was right.
 
•••
I think it would be a bad business decision to continue trying to sell through Epik due to reputation issues alone, even if it turns out that the hack wasn't as serious as Anonymous claims. The damage to their credibility is done. If further investigation finds that Epik truly did store information in plain-text then they have much bigger problems coming.

Did you feel and post the same for all the other banks, registrars, national bodies, etc. which have been hacked? For instance the GoDaddy hacking incidents?
 
•••
I don't care if he likes him or not, but don't come to the thread and attack me.
I did not say anything wrong about Rob. He blindly defends Rob regardless of the situation.
This thread is not about Rob but what you would do in this situation.
People freely express their preferences. Looks like you attacked them first.

I respect your choice, that's no problem, but it doesn't make sense to blame and attack people who are different from you.
 
•••
1. How many names do you have with Epik?
2. Are you worried, and what's your plan NOW and when the hacking is OVER?

1. Had only a single domain with them, moved to Hexonet.
2. But yes, I'm worried about the account information that got leaked to hackers.

So no more Epik (as of now, until everything is sorted); there are lots of good, reliable, secure options.

Did I forget to tell you Namecheap is having transfer-week sales? You can transfer .COMs to them for some $3 and a few cents.
 
•••
Also, at least for me this morning, it does not allow fast approval via the email link (it asks me if I want to approve, but says approval is not allowed at this time). I did not check with customer service if there are ways around this, it is something temporary, or something particular to my transfer (I was just transferring one name, and don't mind if I do end up needing to wait the 5d).

Bob

We can still expedite the transfer by contacting their live support, @Bob Hawkes; they will approve it for you. I did it last night.
 
•••
Yes, just to update what I wrote earlier, you can now get auth codes again, and as @ET76 reports can get live support to expedite approval of the transfer.
 
•••
This morning Epik forced me to reset my pw on login. I had reset it shortly after the notification of breach a couple of weeks ago.

Are others encountering that, or is it something on my account? I think forcing everyone to change pw is a good idea, just wondering if that is what they have now done.

Bob
 
•••
Almost all domains parked on Epik - I moved to other landers.
Epik needs rebranding and absolutely another kind of PR.

No available budget for transfer games right now.

p.s. 0 domains in my GoDaddy account.
 
•••
Worst Epik hit thread, out of all.

Move it to the other Epik thread where it belongs

I already posted this there; was in junkmail
Keep piling on, johnn, and others who “quit” When Rob posts, be more than GD did in life


Samer
 
•••