news Was there a Hack/Data Breach at Epik?


404

Level 3
Joined
Jul 6, 2021
Messages
75
Reaction score
27
Feedback: 0 / 0 / 0
To my understanding most registrars do have a policy of preventing pushed domains from outbound transfers for a certain period of time. They don't want an unauthorized transfer of a domain name to another registrar.

I can't speak to what the Epik policy is on this though, @Tom K., although I would imagine they would have a similar policy in place.

Maybe an @Epik team member can comment?


Epik locks your domain down for 60 days.
 

404

Level 3
Joined
Jul 6, 2021
Messages
75
Reaction score
27
Feedback: 0 / 0 / 0
He has made clear he dislikes Epik and has no domain there. It would have to be seen what the policies are for the 3 registrars of the alleged stealing. But for this period to work, you have to tell something to them...


All three of the aforementioned registrars allow you to transfer out directly after a push. Albeit things at directnic may have changed, haven't been using them much as of late.
 
Joined
Jul 2, 2021
Messages
225
Reaction score
113
Feedback: 2 / 0 / 0
That's some irony. So, if the story is true, he would probably have been better served to have everything at the registrar which has actually been hacked ;)
 

Tom K.

Level 8
Joined
Nov 15, 2005
Messages
1,018
Reaction score
69
Feedback: 42 / 0 / 0
He has made clear he dislikes Epik and has no domain there. It would have to be seen what the policies are for the 3 registrars of the alleged stealing. But for this period to work, you have to tell something to them...
That's the key word, alleged. There is no link I can see. Only a supposition because of the timing. Here's why:

When you think about it, who has the time to go through hundreds of gigabytes of data? Like looking for a needle in a haystack. You have to know what you are looking for in the first place. The data was made public so most have had a chance to update their security. If the Anonymous hackers wanted to do something truly malicious they would have done it already. They had plenty of time and access. Believe me, I have seen malicious hackers. I've seen them deface websites and install spamware on the server clandestinely.

It's more of an embarrassment than anything and offers a trail for LEA who have the resources and who have already levied subpoenas.

 
Joined
Jul 2, 2021
Messages
225
Reaction score
113
Feedback: 2 / 0 / 0
I guess we must read "no". Ok. Some people also have no interest in using unique passwords or 2FA.
What exactly is your point? ;)
 

JennBlogger

Level 4
Joined
Oct 18, 2021
Messages
166
Reaction score
20
Feedback: 0 / 0 / 0
Credit Karma warnings now going out about the hack:

Epik breach

September 2021
In September 2021, Epik's database was allegedly breached. Even if you don't use your Epik account anymore, it's important to protect any info that was exposed.
 

Tom K.

Level 8
Joined
Nov 15, 2005
Messages
1,018
Reaction score
69
Feedback: 42 / 0 / 0
Epik locks your domain down for 60 days.
This is only on transfers in, according to comments on NamePros. Unless anyone @Epik can clarify. And if this policy changed to include account changes, has this been the case always or since the hack?
 

404

Level 3
Joined
Jul 6, 2021
Messages
75
Reaction score
27
Feedback: 0 / 0 / 0
This is only on transfers in, according to comments on NamePros. Unless anyone @Epik can clarify. And if this policy changed to include account changes, has this been the case always or since the hack?

This has been the case with pushes and marketplace purchases as well. It requires manual involvement to get it lifted.

They have been claiming different on NP but never have given a clear answer as to why and how a lot of people are experiencing these locks.

I have another thread here about an expired domain purchase. Same issue, support won't unlock my domain.
 

base

Level 2
Joined
Oct 25, 2021
Messages
26
Reaction score
17
Feedback: 0 / 0 / 0
I think it is only prudent on the registrar's behalf to implement tighter measures if that is what we are seeing after a hack. But any sort of domain transfer, registrar to another registrar, is commonly locked for 60 days. I haven't experienced otherwise. Pushes on the other hand shouldn't really trigger any sort of a lock as they are within the same registrar thus easier to rectify if anything bad happens. Also an account push doesn't necessitate a renewal/transfer fee.

But again, if Epik is locking DNs down even after a push, good on them. I mean, a lot of stuff we don't know about is happening behind the scenes in terms of security because of the hack.
 

amplify

Level 9
DNForum.com Staff
Joined
Sep 15, 2009
Messages
3,359
Reaction score
1,101
Feedback: 67 / 0 / 0
Pushes on the other hand shouldn't really trigger any sort of a lock as they are within the same registrar thus easier to rectify if anything bad happens.
Hacker pushes your domains to their account and immediately initiates a transfer because no lock.
 

404

Level 3
Joined
Jul 6, 2021
Messages
75
Reaction score
27
Feedback: 0 / 0 / 0
Hacker pushes your domains to their account and immediately initiates a transfer because no lock.

Which could be overcome by inserting an approval by the registrant to unlock. Both for push and transfer.

If hackers really want to steal your domain, they'll hide, fly under the radar and nick your domain when the opportunity is there.

No lock will prevent this.
 

mr-x

Level 7
Joined
Oct 12, 2003
Messages
845
Reaction score
168
Feedback: 12 / 0 / 0
Hacker pushes your domains to their account and immediately initiates a transfer because no lock.

If the registrar initiates a lock on account change, and the push requires manual acceptance and updates the registrant (like at GoDaddy), the domain is locked for a period.
 

Tom K.

Level 8
Joined
Nov 15, 2005
Messages
1,018
Reaction score
69
Feedback: 42 / 0 / 0
Which could be overcome by inserting an approval by the registrant to unlock. Both for push and transfer.

If hackers really want to steal your domain, they'll hide, fly under the radar and nick your domain when the opportunity is there.

No lock will prevent this.
The hackers were in the Epik servers for months prior to the data dumps, roving about the backend downloading data. They were able to execute shell commands very easily. It was Rob's denials that prompted those dumps. The hackers were fully capable of doing unrecoverable damage if they chose to do so.
 

404

Level 3
Joined
Jul 6, 2021
Messages
75
Reaction score
27
Feedback: 0 / 0 / 0
The hackers were in the Epik servers for months prior to the data dumps, roving about the backend downloading data. They were able to execute shell commands very easily. It was Rob's denials that prompted those dumps. The hackers were fully capable of doing unrecoverable damage if they chose to do so.


Yes. That's the most worrisome thing about hacks like this. At what point and given what security measures can you reasonably assume they're not still hiding in your systems?

I'm not overly concerned but I wouldn't take my chances keeping domains of proper value at Epik.
 