# Epik.com security breach



## theinvestor__ (Sep 19, 2021)

Hello,

We are contacting you to notify you of an urgent security notice. Despite the extensive security practices we use to protect our platforms and customer information, we have confirmed an unauthorized intrusion into some of our domain-related systems.

We have mobilized the full force of multiple cyber security teams to assess the scope of this intrusion. We are taking aggressive action to completely secure and remediate all potentially affected systems, while complying with all applicable laws. As we work to confirm all related details, we are taking an approach toward maximum caution and urging customers to remain alert for any unusual activity they may observe regarding their information used for our services – this may include payment information including credit card numbers, registered names, usernames, emails, and passwords.
At this time, we have not confirmed that your card information has been compromised. As a precautionary measure, you may choose to contact any credit card companies that you used to transact with Epik and notify them of a potential data compromise to discuss your options with them directly. Should you observe any unauthorized activity, please document and report it immediately.

We are notifying you because we consider your privacy and security our single greatest priority. Our mission to provide legendary service to all customers remains unchanged. We appreciate your support as we work through the full resolution of this situation, and we will continue to provide you with ongoing updates as we learn more.

Thank you,
Epik Security Team


----------



## jaydub__ (Sep 19, 2021)

Ugh!
Never had a domain there and decided 2 weeks ago to try them out with a couple of transfers and this happens *DONT_KNOW*


----------



## RedRider (Sep 20, 2021)

They hype their universal login which I personally don't trust. The same login across different services leaves you vulnerable to having all the services hacked. That's why I never log in to other accounts with Facebook or Google.


----------



## Cooper (Sep 20, 2021)

https://twitter.com/i/web/status/1439311347573932033

Call your credit card company and have them send you a new card, the information is now confirmed as leaked.


----------



## Cooper (Sep 20, 2021)

https://twitter.com/i/web/status/1439708718472613890


----------



## MapleDots__ (Sep 20, 2021)

https://id.federatedidentity.com/auth/


I worry about their federated login which combines the login for all services.

If they are going to keep using that they have to make sure that two factor is active on all accounts because if one service is compromised all will be with a single login.


----------



## Jonathan Hitchens (Sep 20, 2021)

That's always been a bad idea, crack one, get them all.

So much being released on Twitter/social media. What a mess.

Should have never done that 3.5 hour chat.


It's one of the many reasons I couldn't work with that registrar, when the CEO doesn't appear stable with some of the crazy stuff he says right on cam.

Rob:

"And I’m telling you, there were curses put on these datasets, and not out of spite. I’m just saying that it was done. I’m just giving you a heads up. There are curses. Laptops will burn. Hard drives will burn. And we’ll see if it’s true, but there’s…"

10 year old code:
"Yes, shitty Russian code. We bought some shitty Russian code and we actually didn’t really have an opportunity to evaluate that code until we finished, until we really took control over everything."

https://blog.mollywhite.net/monster-qa/


----------



## Jonathan Hitchens (Sep 20, 2021)

Latest email:

Hello,

We previously notified that on September 15, Epik confirmed a data intrusion involving its customers’ personal information. Though our forensic investigation is still ongoing, we can now confirm additional details of this intrusion.

What happened:
While we continue to investigate, we believe that on or before September 13, 2021, unauthorized third parties accessed a backup copy of Epik’s domain-side service accounts through one or more non-public servers.

What personal information may have been obtained:
Name, address, email address, username, password, phone and VAT number (if given), transaction history, domain ownership, and for a small subset of users, credit card information.

What we are doing:
As previously stated, we have retained multiple cybersecurity partners to investigate the incident, secure our services, help affected users, and notify you, law enforcement, and other relevant authorities. We are continuing to communicate with relevant authorities and other stakeholders as well.

At this time, we have secured access to our domain-side services and have applied additional security measures to help protect services and users going forward.

In addition, we will offer free credit monitoring until September 15, 2023, for all affected Epik users; more details on this free service will be made available soon.

Additional options for users:
1. Change your Epik password and enable two-factor authentication by visiting: https://www.epik.com/support/knowle...ssword-epik-user-password-when-user-forgot-it

2. Call Epik Toll-Free at 800-510-3282 for further information and assistance.

3. The Federal Trade Commission (FTC) recommends that you place a free fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. This can be done by contacting any one of the three major credit bureaus:

Equifax: equifax.com/personal/credit-report-services or 1-800-685-1111
Experian: experian.com/help or 1-888-397-3742
TransUnion: transunion.com/credit-help or 1-888-909-8872

4. Request a free credit report from each credit bureau after placing a fraud alert on your file. Review these credit reports for any accounts and inquiries you do not recognize, as they may be signs of identity theft. If your personal information has been misused, visit the FTC’s site at IdentityTheft.gov to report the identity theft and obtain recovery steps. Even if you do not find any suspicious activity on your initial credit reports, the FTC recommends that you check your credit reports periodically so you can spot problems and address them quickly.

5. You may also want to consider placing a free credit freeze on your file. A credit freeze prevents potential creditors from obtaining your credit report, making it less likely for an identity thief to open new accounts in your name. To place a freeze, contact each of the major credit bureaus using the links or phone numbers above. A freeze will remain in place until you ask the credit bureau to temporarily lift or remove it.

6. Visit IdentityTheft.gov/databreach, for additional resources and help to protect yourself from identity theft or call 1-877-438-4338.

7. Learn more about your rights under the Fair Credit Reporting Act here.

8. Contact your local Attorney General or local law enforcement to report suspected identity theft by filing or obtaining a police report.

Thank you for your continued support. We will continue to keep you updated.

Epik Security Team


----------



## silentg__ (Sep 20, 2021)

> Security researcher Corben Leo contacted Epik’s chief executive Monster over LinkedIn in January about a security vulnerability on the web host’s website. Leo asked if the company had a bug bounty or a way to report the vulnerability. LinkedIn showed Monster had read the message but did not respond.


Web host Epik was warned of a critical security flaw weeks before it was hacked


----------



## jaydub__ (Sep 20, 2021)

20 years in domains and one week after I decide to try them out ]:-> 
Only pulled a couple of names over but since they don’t do paypal I put in a credit card ]:-> 
Live and learn. Stick to your many years, tried and true partners.


----------



## RedRider (Sep 21, 2021)

15 million users' details exposed in Epik breach

https://www.computing.co.uk/news/4037435/million-users-details-exposed-epik-breach


Who knew Epik had that many customers?


----------



## RedRider (Sep 21, 2021)

Takeaways from the Epik hack call

https://domainnamewire.com/2021/09/21/takeaways-from-the-epik-hack-call/


"Twice during the call, Monster broke into prayer to cast away demons"


----------



## dotceh (Sep 23, 2021)

More info on Epik hack in National Post:

'Panama Papers of hate groups': Identities, passwords of Epik users released by Anonymous

https://nationalpost.com/news/world...-websites-internet-provider-and-its-customers


----------



## Cooper (Sep 23, 2021)

> “I hear ignorant monster man talk about ‘Shitty Russian code’ that programmer coded, but is fake propaganda news, hello Americans!
> 
> In mother Russia we educate and train proud programmer and code app that hide in ransomware of meat factory. How is monster man talk for shitty Russian code when is opposite?”



Source: https://domaingang.com/domain-news/sergei-putanov-no-shitty-russian-code-in-epic-leak/


----------



## Jonathan Hitchens (Sep 23, 2021)

Somebody just lost their job because of this hack:

Florida real estate brokerage Travers Miran Realty has fired real estate agent Joshua Alayon after he was swept up in a hack that revealed alleged attempts to register domain names such as theholocaustisfake.com and whitesencyclopedia.com.

https://www.inman.com/2021/09/22/agent-swept-up-in-hack-canned-from-brokerage-for-holocaust-views/

This has been getting picked up by major news outlets now like CNN, Washington Post etc.

---------
https://en.wikipedia.org/wiki/2021_Epik_data_breach


----------



## Esdiel (Sep 25, 2021)

Domain sales were in the leak too apparently:


https://twitter.com/i/web/status/1441792442961850369

https://twitter.com/i/web/status/1441799834344644612


----------



## Esdiel (Sep 25, 2021)

https://twitter.com/i/web/status/1441832012952875008

https://twitter.com/i/web/status/1441842464378195970


----------



## MapleDots__ (Sep 26, 2021)

I wonder if name bio will record all those sales, it's quite a treasure trove.


----------



## LovelyLynda__ (Sep 27, 2021)

mymy

Escrow.com Sends Epik Security Breach Password Reset Email

https://domaininvesting.com/escrow-com-epik-password-reset/


----------



## Cooper (Sep 28, 2021)

I'm confirmed breached

If you want to see what tool I used https://dn.ca/post/10020/#p10020


----------



## Jonathan Hitchens (Sep 29, 2021)

Even more apparently:

"BREAKING: hacktivists with Anonymous release a second round of data from the Epik hack. A security researcher who was able to verify the extent of the leak to me described it as "a complete own." At over 300 gigabytes worth of data, this leak is larger than the first."
https://twitter.com/stevanzetti/status/1443299000187297795

On a side note for supporters. It doesn't bother you that a CEO of a company gets on camera and says stuff like data is cursed and laptops will catch fire etc. To me that seems a bit off in the head or do you agree with him that data can be cursed and things can just catch fire?


----------



## Jonathan Hitchens (Sep 29, 2021)

"New leak of Epik data exposes company’s entire server"

https://www.dailydot.com/debug/anonymous-new-epik-leak/


----------



## rlm__ (Sep 29, 2021)

lol, where do I get my copy?? probably a great treasure trove of useful domain industry data in there!


----------



## MapleDots__ (Sep 29, 2021)

It might be the nail in the coffin

I will be sad if that happens


----------



## MapleDots__ (Feb 23, 2022)

This is the guy that hacked Epik



https://twitter.com/i/web/status/1494035194759819266

Psycho !!




*0.40 into the video he admits he hacked Epik*


----------



## silentg__ (Feb 23, 2022)

He needs help


----------

