
news Was there a Hack/Data Breach at Epik?


amplify

Level 5
Legacy Exclusive Member
Joined
Sep 15, 2009
Messages
3,464
Reaction score
1,171
Feedback: 68 / 0 / 0
Who are you again lol.
The people that didn't like the company will always remain just that. There is no convincing this group otherwise. It seems like you are in this group with previously bowing out, though you're always welcome here.

I know where my domains are safe. 👇👇👇
 

Neoget

Level 5
Joined
Jul 5, 2021
Messages
312
Reaction score
149
Feedback: 0 / 0 / 0
It would be good for Epik to add some kind of password protection or 2FA for every domain lock, so that before it is unlocked you would have to input a password which can be sent by SMS, e-mail or app on mobile.
2FA for Domain Unlock.
I have seen on Porkbun you can protect every domain with its own password, so if someone gains access to your account they must know the password for the domain to be able to make any changes to it. This is not 2FA but still useful for additional security.
 

amplify

2FA for Domain Unlock.
I have seen on Porkbun you can protect every domain with its own password, so if someone gains access to your account they must know the password for the domain to be able to make any changes to it. This is not 2FA but still useful for additional security.
That would seem like a nightmare to do with hundreds to thousands of names under management.

Just 2FA and a registrar lock is all I need. :)
 

accurate

Level 8
Legacy Exclusive Member
Joined
Sep 28, 2012
Messages
1,233
Reaction score
475
Feedback: 0 / 0 / 0
It's not for domain investors @amplify, it's for mission critical businesses. @Neoget

There are other registrars that offer similar solutions. Especially at a corporate domain level.
 

Neoget

I went and checked my emails and passwords used at Epik on haveibeenpwned.com and only the emails show true but passwords show false.
How to explain this?
Either the database is not updated yet with passwords from the Epik hack or the passwords are not leaked. Even so, I consider changing passwords a must, because hackers may have their own agenda to keep them for themselves.
 

accurate

I would like to hear from Epik about why all this security infrastructure was bad.
 

accurate

Email from Epik.

Hello,

We previously notified that on September 15, Epik confirmed a data intrusion involving its customers’ personal information. Though our forensic investigation is still ongoing, we can now confirm additional details of this intrusion.

What happened:
While we continue to investigate, we believe that on or before September 13, 2021, unauthorized third parties accessed a backup copy of Epik’s domain-side service accounts through one or more non-public servers.

What personal information may have been obtained:
Name, address, email address, username, password, phone and VAT number (if given), transaction history, domain ownership, and for a small subset of users, credit card information.

What we are doing:
As previously stated, we have retained multiple cybersecurity partners to investigate the incident, secure our services, help affected users, and notify you, law enforcement, and other relevant authorities. We are continuing to communicate with relevant authorities and other stakeholders as well.

At this time, we have secured access to our domain-side services and have applied additional security measures to help protect services and users going forward.

In addition, we will offer free credit monitoring until September 15, 2023, for all affected Epik users; more details on this free service will be made available soon.

Additional options for users:
1. Change your Epik password and enable two-factor authentication by visiting: https://www.epik.com/support/knowledgebase/how-to-reset-password-epik-user-password-when-user-forgot-it

2. Call Epik Toll-Free at 800-510-3282 for further information and assistance.

3. The Federal Trade Commission (FTC) recommends that you place a free fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. This can be done by contacting any one of the three major credit bureaus:

Equifax: equifax.com/personal/credit-report-services or 1-800-685-1111
Experian: experian.com/help or 1-888-397-3742
TransUnion: transunion.com/credit-help or 1-888-909-8872

4. Request a free credit report from each credit bureau after placing a fraud alert on your file. Review these credit reports for any accounts and inquiries you do not recognize, as they may be signs of identity theft. If your personal information has been misused, visit the FTC’s site at IdentityTheft.gov to report the identity theft and obtain recovery steps. Even if you do not find any suspicious activity on your initial credit reports, the FTC recommends that you check your credit reports periodically so you can spot problems and address them quickly.

5. You may also want to consider placing a free credit freeze on your file. A credit freeze prevents potential creditors from obtaining your credit report, making it less likely for an identity thief to open new accounts in your name. To place a freeze, contact each of the major credit bureaus using the links or phone numbers above. A freeze will remain in place until you ask the credit bureau to temporarily lift or remove it.

6. Visit IdentityTheft.gov/databreach, for additional resources and help to protect yourself from identity theft or call 1-877-438-4338.

7. Learn more about your rights under the Fair Credit Reporting Act here.

8. Contact your local Attorney General or local law enforcement to report suspected identity theft by filing or obtaining a police report.

Thank you for your continued support. We will continue to keep you updated.

Epik Security Team
 

DomainsGENERAL.com

Level 5
Legacy Gold Member
Joined
Jul 2, 2021
Messages
277
Reaction score
137
Feedback: 2 / 0 / 0
Epik was storing failed login attempts?
Crazy if this is true.😮
Because a lot of websites don't do exactly the same thing!? I fail to see what would be "crazy" about it. Maybe you were a little naive about the quantity of information logged online about you.
 

DomainsGENERAL.com

It's a load of BS without an actual SQL dump.
I didn't download the 168Gb of data myself and look into it. But about the WHOIS, Epik were providing "whois PRIVACY" like many registrars (almost all), and this seems to have been released. So, NO, it wasn't "public" information for most people. It seems even past information (hidden because of whois privacy) is now out there. Like you once had a domain several years ago, with nobody supposedly being able to know that thanks to whois privacy, and you haven't had it for a while: according to what's being said, now everybody can know about it.
 

accurate

I didn't download the 168Gb of data myself and look into it. But about the WHOIS, Epik were providing "whois PRIVACY" like many registrars (almost all), and this seems to have been released. So, NO, it wasn't "public" information for most people. It seems even past information (hidden because of whois privacy) is now out there. Like you once had a domain several years ago, with nobody supposedly being able to know that thanks to whois privacy, and you haven't had it for a while: according to what's being said, now everybody can know about it.

What are you saying here?
 
