Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.
Domain summit 2024

news Was there a Hack/Data Breach at Epik?

404

Level 4
Joined
Jul 6, 2021
Messages
130
Reaction score
59
Feedback: 0 / 0 / 0
To my understanding most registrars do have a policy of preventing pushed domains from outbound transfers for a certain period of time. They don't want an unauthorized transfer of a domain name to another registrar.

I can't speak to what the Epik policy is on this though @Tom K., although I would imagine they would have similar policy in place.

Maybe an @Epik team member can comment?


Epik locks your domain down for 60 days.
 
Domain summit 2024

404

Level 4
Joined
Jul 6, 2021
Messages
130
Reaction score
59
Feedback: 0 / 0 / 0
He has made clear he dislikes Epik and has no domain there. It would have to be seen what the policies are for the 3 registrars of the alleged stealing. But for this period to work, you have to tell something to them...


All three of the aforementioned registrars allow you to transfer out directly after a push. Albeit things at directnic may have changed, haven't been using them much as of late.
 

DomainsGENERAL.com

Level 5
Legacy Gold Member
Joined
Jul 2, 2021
Messages
277
Reaction score
137
Feedback: 2 / 0 / 0
That's some irony. So, if the story is true, he would probably have been better served to have everything at the registrar which has actually been hacked ;)
 

Tom K.

Level 8
Legacy Platinum Member
Joined
Nov 15, 2005
Messages
1,020
Reaction score
70
Feedback: 42 / 0 / 0
He has made clear he dislikes Epik and has no domain there. It would have to be seen what the policies are for the 3 registrars of the alleged stealing. But for this period to work, you have to tell something to them...
That's the key word, alleged. There is no link I can see. Only a supposition because of the timing. Here's why:

When you think about it, who has the time to go through hundreds of gigabytes of data. Like looking for a needle in a haystack. You have to know what you are looking for in the first place. The data was made public so most have had a chance to update their security. If the Anonymous hackers wanted to do something truly malicious they would have done it already. They had plenty of time and access. Believe me, I have seen malicious hackers. I've seen them deface websites and install spamware on the server clandestinely.

It's more of an embarrassment then anything and offers a trail for LEA who have the resources and who have already levied subpoenas.

 

DomainsGENERAL.com

Level 5
Legacy Gold Member
Joined
Jul 2, 2021
Messages
277
Reaction score
137
Feedback: 2 / 0 / 0
Depends on the value of the domains and how much you value keeping your cc details from being publicly available :)
Sure. But...
Bitcoin solves this.
 

DomainsGENERAL.com

Level 5
Legacy Gold Member
Joined
Jul 2, 2021
Messages
277
Reaction score
137
Feedback: 2 / 0 / 0
I guess we must read "no". Ok. Some people also have no interest in using unique passwords or 2FA.
What exactly is your point? ;)
 

JennBlogger

Level 4
Joined
Oct 18, 2021
Messages
166
Reaction score
20
Feedback: 0 / 0 / 0
Credit Karma warnings now going out about the hack:

Epik breach​

September 2021
In September 2021, Epik's database was allegedly breached. Even if you don't use your Epik account anymore, it's important to protect any info that was exposed.
 

Tom K.

Level 8
Legacy Platinum Member
Joined
Nov 15, 2005
Messages
1,020
Reaction score
70
Feedback: 42 / 0 / 0
Epik locks your domain down for 60 days.
This is only on transfers in, according to comments on NamePros. Unless anyone @Epik can clarify. And if this policy changed to include account changes, has this been the case always or since the hack?
 

404

Level 4
Joined
Jul 6, 2021
Messages
130
Reaction score
59
Feedback: 0 / 0 / 0
This is only on transfers in, according to comments on NamePros. Unless anyone @Epik can clarify. And if this policy changed to include account changes, has this been the case always or since the hack?

This has been the case with pushes and marketplace purchases as well. It requires manual involvement to get it lifted.

They have been claiming different on NP but never have given a clear answer as to why and how a lot of people are experiencing these locks.

I have another thread here about an expired domain purchase. Same issue, support won't unlock my domain.
 

base

Level 3
Joined
Oct 25, 2021
Messages
53
Reaction score
35
Feedback: 0 / 0 / 0
I think it is only prudent on the registrar's behalf to implement tighter measures if that is what we are seeing after a hack. But any sort of domain transfer, registrar to another registrar, is commonly locked for 60 days. I haven't experienced otherwise. Pushes on the other hand shouldn't really trigger any sort of a lock as they are within the same registrar thus easier to rectify if anything bad happens. Also an account push doesn't necessitate a renewal/transfer fee.

But again, if Epik is locking DN's down even after a push, good on them I mean a lot of stuff we don't know about is happening behind the scenes in terms of security because of the hack.
 

amplify

Level 5
Legacy Exclusive Member
Joined
Sep 15, 2009
Messages
3,464
Reaction score
1,171
Feedback: 68 / 0 / 0
Pushes on the other hand shouldn't really trigger any sort of a lock as they are within the same registrar thus easier to rectify if anything bad happens.
Hacker pushes your domains to their account and immediately initiates a transfer because no lock.
 

404

Level 4
Joined
Jul 6, 2021
Messages
130
Reaction score
59
Feedback: 0 / 0 / 0
Hacker pushes your domains to their account and immediately initiates a transfer because no lock.

Which could be overcome by inserting an approval by the registrant to unlock. Both for push and transfer.

If hackers really want to steal your domain, they'll hide, fly under the radar and nick your domain when the opportunity is there.

No lock will prevent this.
 

mr-x

Level 7
Legacy Exclusive Member
Joined
Oct 12, 2003
Messages
870
Reaction score
181
Feedback: 12 / 0 / 0
Hacker pushes your domains to their account and immediately initiates a transfer because no lock.

If the register initiates a lock on account change, and the push requires manual acceptance and updates the registrant ( like at godaddy ) the domain is locked for a period.
 

Tom K.

Level 8
Legacy Platinum Member
Joined
Nov 15, 2005
Messages
1,020
Reaction score
70
Feedback: 42 / 0 / 0
Which could be overcome by inserting an approval by the registrant to unlock. Both for push and transfer.

If hackers really want to steal your domain, they'll hide, fly under the radar and nick your domain when the opportunity is there.

No lock will prevent this.
The hackers were in the Epik servers for months prior to the data dumps, roving about the backend downloading data. They were able to execute shell commands very easily. It was Rob's denials that prompted those dumps. The hackers were fully capable to do unrecoverable damage if they chose to do so.
 

404

Level 4
Joined
Jul 6, 2021
Messages
130
Reaction score
59
Feedback: 0 / 0 / 0
The hackers were in the Epik servers for months prior to the data dumps, roving about the backend downloading data. They were able to execute shell commands very easily. It was Rob's denials that prompted those dumps. The hackers were fully capable to do unrecoverable damage if they chose to do so.


Yes. That's the most worrysome about hacks like this. At what point and given what security measures can you reasonably assume they're not still hiding in your systems?

I'm not overly concerned but I wouldn't take my chances keeping domains of proper value at Epik.
 

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

Sedo - it.com Premiums

IT.com

Premium Members

AucDom
UKBackorder
Be a Squirrel
MariaBuy

New Threads

Our Mods' Businesses

Free QR Code Generator by MerchArts
UrlPick.com

*the exceptional businesses of our esteemed moderators

Top Bottom