information Epik and your plan

[johnn]

I know there are a lot of members here have account with Epik so the information from you may help other members.

1. How many names do you have with Epik
2. Are you worried and what's your plan NOW and when the hacking is OVER

 

[VaibhavA]

This thread is not about Rob but what would you do in this situation.

Agree, this thread is not about Rob and about the situation at Epik.

Also, I agree, that this forum is not the place to discuss or comment on religion, politics, nationality or race.

Also, how many domains we have at Epik - This has nothing to do with situation imo. Its not required.

Also, worlds most secured sites have been hacked in the past. How many had the guts to openly apologize and make amends.

 

[jiy k]

Regarding Credit Card Transaction at any Registrar or for any online Purchases, I follow one rule. After every transaction i delete my Card details from Payment section and again add them while carrying out fresh transaction..
Though it is convenient to save and carry out transactions smoothly without going through the trouble of adding CC details each and every time during transaction, i feel deleting it after every transaction gives a sense of security and peace of mind.

 

[mr-x]

a dislike is a one-way communication
there are no arguments

nothing to improve
nothing to learn
nothing to discuss

free speech to me means:
I can say what I want without fear of jurisdictional punishment



when you don't exchange opinions
but stay quietly behind a "dislike" or "disagree"
that is a cowardly behavior

you do not need to fear
to be exposed
as you talk nonsense

now again
to those disagreeing:
how can you disagree
when I did talk about facts?

you don't like those facts,
yes I understand that
me neither

Toughen up butter cup. This is the third post complaining about other people expressing themselves in a way you don't approve of. You don't have to like it and they don't have to care.

 

[asxforum]

Epik.com is still the best domain registrar on the internet regardless off being hacked it will just make the company stronger .

Maybe a rebranding is due .

 

[bmugford]

Just a heads up, for people not staying updated...

https://twitter.com/x/status/1443300672166838285

 

[Samer]

what does s*cks mean?

He doesnt want to get cancel cultured for fully spelling it out.

Samer

 

[br1ll1on]

as you may expect, I have removed all my domains away from epik.
he is still praying for me.
that s*cks

no offense but it's a little weird that "he is still praying for me" is all you picked from the email sent and again no offense

 

[jhm]

I have nothing with them, thankfully. Hope they sort this out and provide an update for all of you

 

[thekiller]

I have 100+ domains at epik.com recently transferred, the hacking news is worrisome but I would see how things unfold and the decided what I would do.

 

[topdom]

Years ago one of my (landrush) domains was stolen, and moved to another registrar. I contacted my registrar (not a very popular one) and after some waiting I got my domain back. But if I didn't realize it was missing, then it would have gone forever.. (nothing to do with Epik). .. So, in such cases, if you are awake, probably you can protect your domains. (later sold for 4 figures, big amount for a student).

 

[mr-x]

Guys can I point out something? No one likes a tattle tale but isn't knocking someones faith a no no and considered discrimination? Are any of us here above the law? Just saying..

Just the way the world works. Matthew 5:11

 

[frank-germany]

One despising epik cannot bring epik down..

don't forget we talk about a domain registrar

and not "the >>lord<<'s domain registrar"
even though Rob thinks so

 

[twiki]

I'm in the EU and our cards are more secure. In such way that I cannot even use them with many providers.

And I have limited amounts on card, transferring there only what needed. Plus 3D secure 2FA and an additional password, the latter two not being stored at Epik. I will not cancel the cards but will be monitoring them anyway. Keeping low amounts for now just to see if there's an issue. Have to travel soon and this is not the time to be cancelling my business card.

 

[donnied79]

I have around 25-30 domains with them, it is not where I hold the more valuable domains and I think I will move some out, but not every domain, while I'll keep monitoring as everyone else.

 

[Anees Ahmad]

TL;DR

I have only 16 domains and around $200 worth of credits at epik at the moment.

Since domain names aren't physical things and the domain ownership records must have well backed up, I believe even the worst case happened at the registrar level can easily be undone by the registry. What we should be worried about is that the card information might have compromised.

I don't have any plans to moving from epik so far, since I am happy with their pricing and service. But what I don't like about them is mixing business with politics, as @johnn mentioned somewhere. Also IMHO, they are lowering their own status trying to be a peoples company by commenting / involving in every silly things.

 

[Tom_Collins]

Isn't anyone going to mention their Federated Identity system which is a 1-login gateway for other websites.

"The Key to a Trustworthy Online Experience"

What a load of croc!

 

[johnn]

No more attack and back to the topic please.

 

[bmugford]

I don't see it listed on TPB. I don't want to download 300GB but I'd like to snag a copy so I can see what information of mine they actually have. Wonder where it is being shared.

I think the data would be very hard to go through for the average person, but these are reportedly full bootable disk images of the server. Unless some information has been removed, it is likely safe to assume whatever is on the server has been breached.

One serious question is about the ID documents that Epik had. Were they stored on the breached server, or in a more secure location like cold storage?

https://www.dailydot.com/debug/anonymous-new-epik-leak/

WhiskeyNeon, a Texas-based hacker and cybersecurity expert who reviewed the file structure of the leak, told the Daily Dot how the disk images represented Epik’s entire server infrastructure.

“Files are one thing, but a virtual machine disk image allows you to boot up the company’s entire server on your own,” he said. “We usually see breaches with database dumps, documents, configuration files, etc. In this case, we are talking about the entire server image, with all the programs and files required to host the application it is serving.”

The data includes API keys and plaintext login credentials for not only Epik’s system but for Coinbase, PayPal, and the company’s Twitter account.

 

[karmaco]

This morning Epik forced me to reset my pw on login. I had reset it shortly after the notification of breach a couple of weeks ago.

Are others encountering that, or is it something on my account? I think forcing everyone to change pw is a good idea, just wondering if that is what they have now done.

Bob

It won’t force you if you enable two factor which everyone should have on.

 

[maksimfa]

Alright, my turn to add to this.

When I learned of the breach I was hella pissed and actually moved some of my mission critical domains to somewhere more low key.

Do they have better security? Probably not, but they are a smaller target. lol.

Since then however I have sold a name listed on Epik for low 4 figures, and registered about 15 or 20 new names.

There simply is not a better platform in my opinion.

 

[frank-germany]

as you may expect, I have removed all my domains away from epik.
he is still praying for me.
that s*cks

 

[gabri3l]

Epik offers the most competitive price, better than almost all other registrars

And now the entire world knows how they managed that, 0$ for netsec!

 

[has2hands]

I imagine the hackers are still inside their system(s).

 

[Henry Y]

I recently planned to transfer all domains to Epik because of the great customer support and the cheaper renewal and transfer prices offered by Epik (especially the special discount for NP members). I transferred very few domains to Epik for trial, so the impact of the hack (if the hack is true) on me is not high compared to Epik's heavy users. Now the domains cannot be moved away from Epik, so I can do nothing on the domains right now. But it allows me to have more time to see what will happen next and then rethink if I should continue to use Epik or not.

 

[frostify]

LINK: https://www.dailydot.com/debug/epik-hack-far-right-sites-anonymous/

The data also includes Auth-Codes, passcodes that are needed to transfer a domain name between registrars. The engineer stated that with all the data in the leak, which also included admin passwords for WordPress logins, any attacker could easily take over the websites of countless Epik customers.

If the actual auth codes to transfer away domain names was included in this hack then that's a huge issue.