
news Was there a Hack/Data Breach at Epik?

amplify

Level 5
Legacy Exclusive Member
Joined
Sep 15, 2009
Messages
3,466
Reaction score
1,172
Feedback: 68 / 0 / 0
Has nothing to do with caring. I don't want my registrar to store this info for this long, all unsecured when it's against the law to do so. Again, basic stuff.
You mean whois data? Domainers have scraped that dry plenty of times before the change. Why would private investors delete it? It's valuable information.
 

404

Level 4
Joined
Jul 6, 2021
Messages
131
Reaction score
60
Feedback: 0 / 0 / 0
This is all a personal opinion, and I hope that's now clarified and that we can move on from that.
Consider additional levels of appreciations as I wanted to agree but would never like that post.
 

amplify

Level 5
Legacy Exclusive Member
Joined
Sep 15, 2009
Messages
3,466
Reaction score
1,172
Feedback: 68 / 0 / 0
No, but it's free data to competition, registries for setting premium pricing. Trust me, it's circulating and being used, and not for the good.
If other registrars want to use illegally obtained information to try and obtain a handful of new customers (yes, a handful) and risk the legal implications over that for a couple thousand dollars... 😄

Thanks for the early morning hoot! I woke up too early and am going to catch another hour or two. I'll catch up later if it's even worth responding.
 

404

Level 4
Joined
Jul 6, 2021
Messages
131
Reaction score
60
Feedback: 0 / 0 / 0
You mean whois data? Domainers have scraped that dry plenty of times before the change. Why would private investors delete it? It's valuable information.

Nope, meant the bigger sum of all data leaked but even leaked whois data is an issue. E was scraping data, they stored it, for no good reason. That was leaked as well. Even if you were never an E customer your data may be out there due to the E hack.
 

Tom K.

Level 8
Legacy Platinum Member
Joined
Nov 15, 2005
Messages
1,020
Reaction score
70
Feedback: 42 / 0 / 0
I'm not under Epik. In fact, nobody at DNF is as that would display inherent bias. This is all a personal opinion, and I hope that's now clarified and that we can move on from that.

I find it hard to separate you or any staff of DNF from Epik since the logo clearly states it is powered by Epik. It is common knowledge that Epik bought DNF, all the ads are for Epik services, and I doubt you would do anything without Rob's approval or reject any of his wishes/directions.
 

404

Level 4
Joined
Jul 6, 2021
Messages
131
Reaction score
60
Feedback: 0 / 0 / 0
Point being, I'm not overly concerned but when a company doesn't address serious security issues in an adequate manner... It raises a whole lot of questions.

Imagine having stuff there under development... Entire websites included in the hack (DNF being one of them). Not a pretty picture.
 

amplify

Level 5
Legacy Exclusive Member
Joined
Sep 15, 2009
Messages
3,466
Reaction score
1,172
Feedback: 68 / 0 / 0
Sounds a lot like E's MO. Enjoy your coffee though :)
As I know in this struggle session it'll be brought up more, but I'll drop this nugget again:
nor speaking for Epik because I can't and don't
And affirm, I'm not at Epik. I don't even have an @epik.com email address. That is important for the community to know so they are aware of our impartial position with Epik. We do not, as a community, put Epik on a pedestal or have a secret bias that everyone just knows.

For their manpower helping DNF develop innovative technologies on the Xenforo platform, they do get special privileges such as being prominently displayed in our logo ("Powered by Epik") and advertising space though. I think that is only fair for the cost of development that we're going to be dropping into the forum to make it like nothing else on the market, don't you? However, they're not getting preferential treatment. I have moved plenty of Rob's posts made here into appropriate forums, etc.

As far as my personal bias for Epik goes, it's quite clear. I have an affiliate link in my signature (go sign up and give me a buck if you want!). This is because Uniregistry had me priced in at $8.20ish (at cost) domains because of my position as a "personality", I would guess, when I wrote for domain blogs.

After GoDaddy took over, they no longer saw that I was necessary and took my pricing away, which should've been grandfathered in. Since then I hopped to a cheaper registry, you know, the one that the other forum has a clear bias for (Dynadot--staff members also introduced me to it in private, so don't tell me there isn't). Then, Rob came along and I saw how great prices were at Epik. While I liked the Uni UI more than Epik's, it's not a dealbreaker and I'm getting used to it. Epik keeps their word and Rob is genuinely a nice guy and I don't think Epik or him would do me wrong like GoDaddy did after they acquired Uni.

I'll be back to probably answer your same question about speaking for Epik again, but in another way... :p
 

accurate

Level 8
Legacy Exclusive Member
Joined
Sep 28, 2012
Messages
1,236
Reaction score
476
Feedback: 0 / 0 / 0
Honestly @Tom K., people seem to have it out for Epik no matter what.

Because of social media and the mainstream media networks we are politically divided.

They don't want to see Epik burn.

I do agree it would be nice to have more @robmonster input here. I do understand he is busy and likely under a lot of stress.

I did already outline and tagged you for security steps Epik has taken here.

I recommend others see that as well.

That doesn't mean I defend the sh*t security practices Epik had. I also don't believe they handled this data breach well at all.

They want to see Epik fix their security instead of continuing as if nothing happened.

Not defending any business practices here but I am wondering if this whois scraping is in fact done by other registrars? Especially ones that dealt a lot with New Gs.

The fact that someone didn't have domains hosted at Epik is a moot point. I have an account but no domains and my data was exposed. Also many non-customers are impacted because Epik harvests whois data of non-customers as well. See this article: https://arstechnica.com/information...cts-15-million-users-including-non-customers/

It's one thing to have intelligent discussions but NPs is not that.

I don't go to NPs at all these days since it gives me a headache. What I see is only 98% drivel about useless domain extensions and fake sales.

I think you just answered why the thread at NamePros is so busy. Whenever a company is so tight-lipped or does a marketing spin when they speak, the community will fill in the silence.

Good point. @amplify.

They've = Anonymous

And I don't see anyone rushing to blame the criminals, yet give them a stronger voice and deflect any public responsibility on a crime organization's part in this.

The hack and data breach was all about money and attention.

Not 1 person has gone against Anonymous and their part in it. They say, "yes the hack was bad", but yet they still engage with the very criminals that perpetrated this. Show me any posts to the contrary that, say you or Brad, explicitly called out Anonymous and the "representatives" of the organization to state their role in all this. It's madness.

You haven't heard the new administration says the Taliban are our allies? 😄

Then again, you're probably the type of people fine that the Taliban can have Twitter but Trump can't.

We should actually since that info will be used against us. I usually keep most of my transactions private for various reasons.

However, most buyers are not smart enough to even visit a domain name before purchasing. I'm talking even top end sales I've had.

Domain investors shouldn't care if anyone knows how much they bought it for as their goal is to still sell it for more.

A competing registrar is not going to download and mine contact data that was obtained illegally. You know for sure other domain registrars are using this data?

No, but it's free data to competition, registries for setting premium pricing. Trust me, it's circulating and being used, and not for the good.
 

Tom K.

Level 8
Legacy Platinum Member
Joined
Nov 15, 2005
Messages
1,020
Reaction score
70
Feedback: 42 / 0 / 0
Honestly @Tom K., people seem to have it out for Epik no matter what.
Why do you think that is?
I do agree it would be nice to have more @robmonster input here. I do understand he is busy and likely under a lot of stress.

I did already outline and tagged you for security steps Epik has taken here.
Once a code has been breached, it continues to be very vulnerable. My job is programming and whenever there are major updates to language or server processors you have to go through the code to update parts of the code to keep it secure. Then there is network security. If code hasn't been updated in over 10 years, it makes things a lot more stressful. It is also stressful for those whose data has been compromised.

Ask yourself, would those security steps outlined in the link you posted have been taken if there was no such public data dump? Most of the things listed are superficial, or too little too late. The heart of the matter lies in the "shitty code".
 

amplify

Level 5
Legacy Exclusive Member
Joined
Sep 15, 2009
Messages
3,466
Reaction score
1,172
Feedback: 68 / 0 / 0
You haven't heard the new administration says the Taliban are our allies? 😄
Yes, I saw that. I can't believe that I saw a Marine 4-Star General state that we were using them as "tools". Honestly never been so sick. 🤮

The ranks of the military have been infiltrated by politicians that no longer are accountable for their actions.
 

amplify

Level 5
Legacy Exclusive Member
Joined
Sep 15, 2009
Messages
3,466
Reaction score
1,172
Feedback: 68 / 0 / 0
Nope. It's out. Nothing illegal about it.
The information is now public because it's on the internet. That does not mean that none of it is copyrighted or protected. Even you having a copy, having it and going through it is illegal. I don't see how nobody understands this concept. Did Epik explicitly license you any part of that data? If the answer is no, it's illegal content and you probably should delete it. I mean, nobody is going to probably catch you as you're not the fish they gotta fry.

If anyone is going down, they'll go for the head of the snake with a lot of public evidence with shared "lulz" (self-incrimination) that fulfills all three elements of a crime.
Motive: Politically charged
Intent:
General - Knowing who took part in the "hacktivism" and/or participating in it themselves to egg the hackers on to do more
Specific - Destroy a political adversary by inflicting as much real-world harm as possible due to political beliefs.
Opportunity - Here's the funny part... "Shitty Russian code".
 

Tom K.

Level 8
Legacy Platinum Member
Joined
Nov 15, 2005
Messages
1,020
Reaction score
70
Feedback: 42 / 0 / 0
If anyone is going down, they'll go for the head of the snake with a lot of public evidence with shared "lulz" (self-incrimination) that fulfills all three elements of a crime.
Motive: Politically charged
Intent:
General - Knowing who took part in the "hacktivism" and/or participating in it themselves to egg the hackers on to do more
Specific - Destroy a political adversary by inflicting as much real-world harm as possible due to political beliefs.
Opportunity - Here's the funny part... "Shitty Russian code".
This does sound like something Rob would say. It is unfortunate that he likes to play the victim. I mean, he started a thread about a "struggle session". In a way, it is a very sad thing. The legality of everything surrounding the hack and the data dump will be investigated, this includes what is uncovered in the data. Like, there were some shady actors being hosted and their data was exposed. Hopefully, the innocent customers (bystanders) were able to change passwords and cancel credit cards. But the legal system moves slowly, so it seems it will be a while before everything sees the light of day.
 

robmonster

Epik.com CEO
Legacy Exclusive Member
Joined
Aug 15, 2010
Messages
120
Reaction score
302
Feedback: 0 / 0 / 0
My goodness, this thread got busy today. :)

Quick update:

- The tech work continues apace. Most significantly is the explicit separation of Dev and Ops. Traditionally in a small enterprise those teams can be one and the same but as an organization achieves maturity, those functions become operationally separate.

- The oldest legacy code from the 2011 acquisition of Intrust Domains is substantially being upgraded and ultimately replaced. Bear in mind that the registrar software is a rather unique class of software so full replacement is not a small task, but because we have a large dev team that work is well under way.

- Software like Masterbucks, DNProtect.com, WHOQ.com and TrustRatings.com are more representative of modern coding frameworks. They were being deployed apace. Some of these ecosystem innovations are now on a slower track due to the emphasis on the core.

- The support team continues to do an exemplary job, as it has undergone significant expansion and upgrade, operating 24/7 for email, chat and phone. Our TrustPilot score has stayed at or around 4.9 throughout the episode. Account security and domain security remain our top priority.

- Domains under management also continues to rise and never dropped below the level when the incident occurred. Today's transfers out were a benign 62 domains, quite typical for a registrar where domains are being bought and sold. Nearly 600 transfers in, vast majority of which is .com.

As for the topic of "shady customers", let me remind the dear reader of our thoughtful analysis on the topic:


The reality is that Epik has very few of these so-called problem customers.

What is also worth noting is that customers like Gab.com which the SPLC reviles just celebrated their 3 year anniversary of the brutal takedown operation that was directed against them.


I believe Epik made the right decision in allowing them to come back online when Godaddy booted them. The controlled media has never really forgiven Epik for that decision, but the reality is that they have sown the seeds of their own destruction as evidenced by the viral "Lets go Brandon" meme which mocks media doublespeak.

And now we have entered into a new chapter with the arrival of DWAC and a multi-billion dollar war chest with which to buy those assets that have yet to be destroyed by other means. The following image from the DWAC investor briefing is illustrative of the plan:

Untitled.jpg

What these organizations will ultimately find is that not everything can be bought, and not everyone has a price. That was the implied subtext of this Tweet:


We are heading into a very interesting phase. Those of you who enjoy independent media might some day appreciate the useful role that Epik played.

If you are wondering why Epik got so much attention in the last 2 months, you might consider what others have already concluded: there are no other Epik's.

If you enjoy being lied to, or like losing your civil liberty, that is your prerogative. Most people would rather have it the American way which is why Epik is their friend and ally, even if it is occasionally uncomfortable to utter it.


Thanks to all our dear industry friends who continue to have our back, and who understand the historic times we are living in, and govern themselves accordingly.

#BeEpik
 

amplify

Level 5
Legacy Exclusive Member
Joined
Sep 15, 2009
Messages
3,466
Reaction score
1,172
Feedback: 68 / 0 / 0
This does sound like something Rob would say.
It should be something everyone in the domain community should be coming together and all saying. We should reinforce and double down on the attack being illegal and terroristic. Instead, it looks like that's overlooked to try and destroy Epik for leaving the door unlocked? Really weird as we'd never blame the victim of robbery for forgetting to lock their door and would still push for our neighbor—in this case, whether you like it or not, Epik and customers—to get justice or a conviction.
But the legal system moves slowly, so it seems it will be a while before everything sees the light of day.
Indeed it does, but I believe that justice is eventually served. So enjoy the lulz for the next decade to two while the case is being built (pretty sure the Texas GOP is on it, but can't speak for them nor Epik, only myself and the actions that I will take), fearing every day that it's your last day of freedom for a good minute. :)

Everyone's gone mad if they can't speak out against the hack, and more specifically, the hackers. Instead we are empowering them with a platform to speak? Scared of being attacked for speaking up for what's right? Yeah, that's why it's terrorism, and last I checked, that had a much harsher punishment than merely unauthorized system access.

Funny how the hackers became what they're trying to fight, going at it in an illegal way when we have systems in place to achieve the same desired effect of labeling organizations as terror groups.
 

Tom K.

Level 8
Legacy Platinum Member
Joined
Nov 15, 2005
Messages
1,020
Reaction score
70
Feedback: 42 / 0 / 0
My goodness, this thread got busy today. :)

Quick update:

- The tech work continues apace. Most significantly is the explicit separation of Dev and Ops. Traditionally in a small enterprise those teams can be one and the same but as an organization achieves maturity, those functions become operationally separate.

- The oldest legacy code from the 2011 acquisition of Intrust Domains is substantially being upgraded and ultimately replaced. Bear in mind that the registrar software is a rather unique class of software so full replacement is not a small task, but because we have a large dev team that work is well under way.

- Software like Masterbucks, DNProtect.com, WHOQ.com and TrustRatings.com are more representative of modern coding frameworks. They were being deployed apace. Some of these ecosystem innovations are now on a slower track due to the emphasis on the core.

- The support team continues to do an exemplary job, as it has undergone significant expansion and upgrade, operating 24/7 for email, chat and phone. Our TrustPilot score has stayed at or around 4.9 throughout the episode. Account security and domain security remain our top priority.

- Domains under management also continues to rise and never dropped below the level when the incident occurred. Today's transfers out were a benign 62 domains, quite typical for a registrar where domains are being bought and sold. Nearly 600 transfers in, vast majority of which is .com.

As for the topic of "shady customers", let me remind the dear reader of our thoughtful analysis on the topic:


The reality is that Epik has very few of these so-called problem customers.

What is also worth noting is that customers like Gab.com which the SPLC reviles just celebrated their 3 year anniversary of the brutal takedown operation that was directed against them.


I believe Epik made the right decision in allowing them to come back online when Godaddy booted them. The controlled media has never really forgiven Epik for that decision, but the reality is that they have sown the seeds of their own destruction as evidenced by the viral "Lets go Brandon" meme which mocks media doublespeak.

And now we have entered into a new chapter with the arrival of DWAC and a multi-billion dollar war chest with which to buy those assets that have yet to be destroyed by other means. The following image from the DWAC investor briefing is illustrative of the plan:

View attachment 5594

What these organizations will ultimately find is that not everything can be bought, and not everyone has a price. That was the implied subtext of this Tweet:


We are heading into a very interesting phase. Those of you who enjoy independent media might some day appreciate the useful role that Epik played.

If you are wondering why Epik got so much attention in the last 2 months, you might consider what others have already concluded: there are no other Epik's.

If you enjoy being lied to, or like losing your civil liberty, that is your prerogative. Most people would rather have it the American way which is why Epik is their friend and ally, even if it is occasionally uncomfortable to utter it.


Thanks to all our dear industry friends who continue to have our back, and who understand the historic times we are living in, and govern themselves accordingly.

#BeEpik

I do think there are other Epiks out there, just not with the same high profile (notoriety?).

I hope that people do not automatically trust the media, no matter which side those lean, but instead use common sense, critical thinking, move outside their comfort zone, and don't stay in a bubble or echo chamber that only reinforces their established beliefs. Unfortunately we are seeing less and less of that today, which is why the world is so polarized. The word "truth" has lost its power. The words "free speech" have been perverted. Less and less people are interested in facts and evidence, because those things may challenge their belief system. And that's a scary thing to most.

Well, hopefully this fiasco ends in the betterment of the domaining community as a whole.
 

404

Level 4
Joined
Jul 6, 2021
Messages
131
Reaction score
60
Feedback: 0 / 0 / 0
Epik keeps their word and Rob is genuinely a nice guy and I don't think Epik or him would do me wrong like GoDaddy did after they acquired Uni.

Yes. I agree. From my observations I can only conclude he's a nice guy. Bit gullible maybe, given things that have come to light because of the hack. But yes, I have nothing against Rob or Epik. They're fighting a cause I support. And Rob has helped countless people based upon his beliefs and convictions, no strings attached. Unfortunately they haven't been technically able to deliver as advertised.

Not defending any business practices here but I am wondering if this whois scraping is in fact done by other registrars?

Most probably. No doubt in my mind. Scraping has gotten harder but the likes of GD are storing a lot of data they probably shouldn't.

It's one thing to have intelligent discussions but NPs is not that.

Depends. There are some very interesting people on that forum. Even some of the worst are quite nice to be talking with in private if you just give them the chance to engage in an open-minded discussion.

Did Epik explicitly license you any part of that data? If the answer is no, it's illegal content and you probably should delete it. I mean, nobody is going to probably catch you as you're not the fish they gotta fry.

Nope. But as little info has been shared by E and data is surfacing just about anywhere I have the obligation to myself and my clients to check and confirm what the data contains. It's astonishing.

It's not illegal to use and download for research. Not a lawyer, not 100% up to speed with the US legal system either but where I'm from there's nothing illegal about it, depending on what you're using it for obviously.
 

Neoget

Level 5
Joined
Jul 5, 2021
Messages
313
Reaction score
149
Feedback: 0 / 0 / 0
I say like this "if you hate someone or a company you will always find what to throw at them" I personally hate Google, FB, Twitter and others, believe me if they get hacked they will not be able to wash themselves their entire lives.
No need to dramatize over Epik hack, you have no idea in what Blood your governments make baths.
 

amplify

Level 5
Legacy Exclusive Member
Joined
Sep 15, 2009
Messages
3,466
Reaction score
1,172
Feedback: 68 / 0 / 0
I personally hate Google, FB, Twitter and others
Life's too short to have that much contempt for someone or something.

I'm typically mad for about 5 minutes. I may think about it later on or repeatedly, but it never gets to me like those first 5 minutes. 🤷‍♂️
 
