news Was there a Hack/Data Breach at Epik?

[404]

how he's blowing it out of proportion makes it seem like nobody could ever obtain that information from public records. He have any home purchase, court records,

They've leaked my PPI + cc details + CVC + security pin + security answers + failed login attempts... How's that blowing things out of proportion?

 

[404]

What data was leaked?

Seen Auth codes available as well... Just saying.

 

[amplify]

You can find out here:

Not gonna download it, but it would be interesting to see what is there for Brad Mugford. That's because he wasn't a customer since around 2014, by his own admission, but so hellbent on getting answers.

PPI

And is it any PPI that someone couldn't obtain about him for $50 (which would include even more like schools, job history, criminal record, etc.)?

You're making it seem like a residential address is the end of the world when that's probably already had in previous hacks on major corporations.

Not downplaying it at all nor speaking for Epik because I can't and don't. But my approach to all this is so nonchalant. So hackers have my address that they could've got from my .us registrations as you needed a public address there or in some other way like social engineering my local library... so over dramatic.

 

[Tom K.]

I'm sure they'll reply in time. You act as if a company that faced this can answer any questions at all. You should know the drill after watching political press conferences delivering horrible news. What's the line? "No comment"—You don't think, after 9/11 say, they couldn't comment on whether a plane hit the towers? We all saw it. But until they know everything, they try to calm while not answering.

I think you just answered why the thread at NamePros is so busy. Whenever a company is so tight-lipped or does a marketing spin when they speak, the community will fill in the silence.

Also, I think that the 9/11 analogy is apropos. This may very well be a 9/11 for Epik.

 

[amplify]

They've leaked my PPI + cc details + CVC + security pin + security answers + failed login attempts... How's that blowing things out of proportion?

They've = Anonymous

And I don't see anyone rushing to blame the criminals, yet give them a stronger voice and deflect any public responsibility on a crime organizationor's part in this. Not 1 person has gone against Anonymous and their part in it. They say, "yes the hack was bad", but yet they still engage with the very criminals that perpetrated this. Show me any posts to the contrary that, say you or Brad, explicitly called out Anonymous and the "representatives" of the organization to state their role in all this. It's madness. Them again, you're probably the type of people fine that the Taliban can have Twitter but Trump can't.

 

[404]

. So hackers have my address that they could've got from my .us registrations as you needed a public address there or in some other way like social engineering my local library... so over dramatic.

If you don't understand why that may raise issues and be of a concern you have a huge learning curve ahead of you when it comes to infosec.

 

[404]

They've = Anonymous

And I don't see anyone rushing to blame the criminals, yet give them a stronger voice and deflect any public responsibility on a crime organizationor's part in this. Not 1 person has gone against Anonymous and their part in it. They say, "yes the hack was bad", but yet they still engage with the very criminals that perpetrated this. Show me any posts to the contrary that, say you or Brad, explicitly called out Anonymous and the "representatives" of the organization to state their role in all this. It's madness. Them again, you're probably the type of people fine that the Taliban can have Twitter but Trump can't.

Yes, A did. I don't like that lot at all. But E should never have stored some of that data, not in plain text. Not at all. Common industry practice. Laws against that...

 

[amplify]

If you don't understand why that may raise issues and be of a concern you have a huge learning curve ahead of you when it comes to infosec.

Explain to me why it's of huge concern, especially when we circle back to 1 example of Brad Mugford (as he's in every page demanding answers that it's tiresome catching up with the same question repeatedly).

Do you think, as a businessperson in this industry for this long that his data isn't public somewhere already prior to all this?

 

[Tom K.]

Do you think, as a businessperson in this industry for this long that his data isn't public somewhere already?

Not login credentials. Not payment history. Not email forwards or catch-alls. Etc. And there are reports of cc information being stored. People had to cancel their cc's.

 

[amplify]

Yes, A did. I don't like that lot at all. But E should never have stored some of that data, not in plain text. Not at all. Common industry practice. Laws against that...

Nobody is voicing discontent about Anonymous' role. Instead, as a group, they're allowing criminals to speak. That's more frightening than a data leak. You got your priorities mixed up.

 

[404]

Explain to me why it's of huge concern, especially when we circle back to 1 example of Brad Mugford (as he's in every page demanding answers that it's tiresome catching up with the same question repeatedly).

Do you think, as a businessperson in this industry for this long that his data isn't public somewhere already prior to all this?

With the leak they obtained full purchase histories. Don't tell me you wouldn't mind your buyers knowing exactly when and what you spent on your domains?

 

[amplify]

Not login credentials. Not payment history. Not email forwards or catch-alls. Etc.

From 2014? As Joe would say, "Come on man!"

Yeah, 2014 credentials are so secretive in damn near 2022. How many cards did I have with different expiration dates and CVCs? Let's see, I get a new one in the mail every 2 years, I lost one, and I had one stolen, so 6 cards? I'm that mad my 2016 expired card is exposed?

 

[404]

And that's the least of your concerns, not focussing on B. specifically, it should be of major concern to anybody handling PPI. Basic sec. stuff.

 

[amplify]

With the leak they obtained full purchase histories. Don't tell me you wouldn't mind your buyers knowing exactly when and what you spent on your domains?

Personally, no, I don't care. I typically announce this around the forum. It's also no big secret that domain investors don't backward engineer say Drop Catch aliases to see who they're up against in an auction, then after that auction, not only know the sales price as it's recorded, but know who bought it.

 

[Tom K.]

From 2014? As Joe would say, "Come on man!"

Yeah, 2014 credentials are so secretive in damn near 2022. How many cards did I have with different expiration dates and CVCs? Let's see, I get a new one in the mail every 2 years, I lost one, and I had one stolen, so 6 cards? I'm that mad my 2016 expired card is exposed?

Really? So this is the position of Epik? Hacks happen, so accept it? Get over it?

 

[amplify]

Domain investors shouldn't care if anyone knows how much they bought it for as their goal is to still sell it for more.

While it's still a little more secretive than cars as you gotta tax based on that amount, nobody is going to be like, "Well you got this for $10000 off so you should sell it to me farther below Kelly Blue Book."

 

[404]

Personally, no, I don't care. I typically announce this around the forum. It's also no big secret that domain investors don't backward engineer say Drop Catch aliases to see who they're up against in an auction, then after that auction, not only know the sales price as it's recorded, but know who bought it.

Glad you don't. I'm not concerned either although I am annoyed I had to cancel all my CCs, update anything exposed in the E hack.

Doesn't mean just because you don't mind it's not an issue. It's a huge issue actually.

 

[404]

Domain investors shouldn't care if anyone knows how much they bought it for as their goal is to still sell it for more.

Has nothing to do with caring.i don't want my registrar to store this info for this long, all unsecured when it's against the law to do so. Again, basic stuff.

 

[404]

While it's still a little more secretive than cars as you gotta tax based on that amount, nobody is going to be like, "Well you got this for $10000 off so you should sell it to me farther below Kelly Blue Book."

No, but it's free data to competition, registries for setting premium pricing. Trust me, it's circulating and being used, and not for the good.

 

[amplify]

Really? So this is the position of Epik? Hacks happen, so accept it? Get over it?

Not downplaying it at all nor speaking for Epik because I can't and don't

Selectively reading?

I'm not under Epik. In fact, nobody at DNF is as that would display inherent bias. This is all a personal opinion, and I hope that's now clarified and that we can move on from that.