Was there a Hack/Data Breach at Epik?
<blockquote data-quote="robmonster" data-source="post: 2347197" data-attributes="member: 143534"><p>My relative silence in this thread should not be misunderstood for being indifference. I don't think it will come as a surprise that the normally hard-working Epik team was working particularly hard in recent weeks.</p><p></p><p>Although it is too early to declare victory, we are certainly making progress. Here is a recap of just some of the actions taken:</p><p></p><p> Retained forensic investigation and technical security firm on a full-time basis;</p><p></p><p> Retained data privacy and cybersecurity outside counsels to report and remediate the Incident;</p><p></p><p> Implemented industry best practice for secure password vault;</p><p></p><p> Worked with development teams to cycle all SSH keys multiple times and shut down other means of access to Epik systems;</p><p></p><p> Implement bug bounty program (est. Oct 7, 2021);</p><p></p><p> Daily coordinated work and efforts combining executive, legal, PR, and security team;</p><p></p><p> Migrated all source code to new platform;</p><p></p><p> Forced client password resets;</p><p></p><p> Shut down all outside access endpoints into Epik’s systems;</p><p></p><p> Removed all credit card information from live databases;</p><p></p><p> Implemented an SSO where strongly encrypted passwords are not stored on Epik systems and authorization;</p><p></p><p> Continued to expunge unnecessary personal information from systems and implement best practices;</p><p></p><p> Explored SOC-2 Compliance options after Incident response in near-term;</p><p></p><p> Notified clients who were impacted by the data Incident on several dates (Sept 18 and 20, 2021), secured critical systems and provided 2 years of credit monitoring to clients who had payment information included in the Incident;</p><p></p><p> Timely notified State Attorneys General in relevant jurisdictions, where prescribed by applicable state data breach notification 
law;</p><p></p><p> Worked with the FBI to help identify the threat actors and take appropriate legal action.</p><p></p><p>I do greatly appreciate the continued support of our loyal clients as we continue to deploy best practices across the board as we set the stage to be an even better version of Epik.</p><p></p><p>#BeEpik</p></blockquote><p></p>