Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Epik Domain Registrar - the Far-Right Web Host's Data Leaked? Over 10 years of data!!!! - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Epik Domain Registrar - the Far-Right Web Host's Data Leaked? Over 10 years of data!!!!

2»

Comments

  • Yeah I'm not sure what I expected from someone whose name is literally "Monster" 🤔

    @quicksilver03 said: I'm open to suggestion for techniques to give out as few personal details as possible and still be able to make such purchases (thinking about payment processors checking elements of the billing address with the credit card company).

    If you're in the USA, Privacy.com is great. They let you create virtual credit cards, and you can use any name and any billing address with the generated cards. Some banks have a similar feature too (Bank of America used to have a similar feature but it used Flash... Not sure if they ever rewrote it to not use Flash). Other countries might have something similar.

    Thanked by 2MannDude adly
  • ArkasArkas Moderator

    @jsg said: Does anyone here have a list of other companies that careless moron is involved in, so that we all can avoid them?

    They recently acquired dnforum.com

    Thanked by 1jsg
  • MannDudeMannDude Host Rep, Veteran

    @Daniel15 said:
    Yeah I'm not sure what I expected from someone whose name is literally "Monster" 🤔

    @quicksilver03 said: I'm open to suggestion for techniques to give out as few personal details as possible and still be able to make such purchases (thinking about payment processors checking elements of the billing address with the credit card company).

    If you're in the USA, Privacy.com is great. They let you create virtual credit cards, and you can use any name and any billing address with the generated cards. Some banks have a similar feature too (Bank of America used to have a similar feature but it used Flash... Not sure if they ever rewrote it to not use Flash). Other countries might have something similar.

    Privacy.com is great if your bank doesn't allow you to generate / create virtual cards for online payments for sure.

    In this day and age, I'd put the ability to create virtual cards as one of the top deciding factors in choosing a bank. In fact, it's one of the reasons why I chose the startup business bank that I did. They seem to have a focus on tech startups and have modern features like this.

    Personal banking is still lacking, but for that, privacy.com shines.

  • Daniel15Daniel15 Veteran
    edited September 2021

    @MannDude said: In this day and age, I'd put the ability to create virtual cards as one of the top deciding factors in choosing a bank. In fact, it's one of the reasons why I chose the startup business bank that I did.

    I've got some bank accounts that allow virtual cards but don't allow setting a spend limit on them. That's one of my use cases for Privacy - I have a card with a $1 lifetime limit for free trials that demand a credit card number :)

    Thanked by 1TimboJones
  • Rob Monster mixed business with politics and religion and that's where Epik started to see a downfall. Paypal left, then Godaddy, and some other businesses, individuals, and then this customer-data leak by hackers. Epik will always be on the radar of someone or the other!

    Epik did got its brand tarnished in last couple of days starting 13 Sept? The public domain stats of total new domain registrations suggests so:

    Thanked by 2Arkas _MS_
  • @quicksilver03 said:
    I'll be transferring those domains ASAP to another registrar.

    Namecheap has the transfer week now https://www.namecheap.com/domains/transfer/domain-transfer-sale/ (but i'm not sure about benefit and convenience though, just sharing the news i got).

    Thanked by 1JasonM
  • @MarshalChe said:

    @quicksilver03 said:
    I'll be transferring those domains ASAP to another registrar.

    Namecheap has the transfer week now https://www.namecheap.com/domains/transfer/domain-transfer-sale/ (but i'm not sure about benefit and convenience though, just sharing the news i got).

    I'm surprised that Namecheap haven't made a page like their "Transfer from GoDaddy" page (https://www.namecheap.com/domains/transfer/transfer-from-godaddy/) yet for Epik.

    Thanked by 1JasonM
  • @Daniel15 said:

    @MarshalChe said:

    @quicksilver03 said:
    I'll be transferring those domains ASAP to another registrar.

    Namecheap has the transfer week now https://www.namecheap.com/domains/transfer/domain-transfer-sale/ (but i'm not sure about benefit and convenience though, just sharing the news i got).

    I'm surprised that Namecheap haven't made a page like their "Transfer from GoDaddy" page (https://www.namecheap.com/domains/transfer/transfer-from-godaddy/) yet for Epik.

    The very mention of Epik will make many PMS, so it's best to avoid it.

    Thanked by 1JasonM
  • Update

    epik hack includes domain-transfer auth code, and credit card numbers, up to Feb 28th.
    https://www.dailydot.com/debug/epik-hack-far-right-sites-anonymous/

    Thanked by 3Arkas DP dahartigan
  • skorupionskorupion Member, Host Rep

    @JasonM said:

    Update

    epik hack includes domain-transfer auth code, and credit card numbers, up to Feb 28th.
    https://www.dailydot.com/debug/epik-hack-far-right-sites-anonymous/

    there probably are some that are working

    Thanked by 1JasonM
  • I've had some time to find my own data within the leak, and I can confirm that there's a database dump mapping their WHOIS privacy contacts to the actual domain owners' contacts. At least I had paid with a disposable credit card, so even if the number is found in the leak I'm very unlikely to lose any money.

    The only positive is that I managed to transfer all of my domains away from Epik in a couple of hours, as there wasn't any mandatory 5-days waiting time like I had with other registrars.

    Thanked by 1JasonM
  • Received via email:

    Hello,

    We are contacting you to notify you of an urgent security notice. Despite the extensive security practices we use to protect our platforms and customer information, we have confirmed an unauthorized intrusion into some of our domain-related systems.
    We have mobilized the full force of multiple cyber security teams to assess the scope of this intrusion. We are taking aggressive action to completely secure and remediate all potentially affected systems, while complying with all applicable laws. As we work to confirm all related details, we are taking an approach toward maximum caution and urging customers to remain alert for any unusual activity they may observe regarding their information used for our services – this may include payment information including credit card numbers, registered names, usernames, emails, and passwords.
    At this time, we have not confirmed that your card information has been compromised. As a precautionary measure, you may choose to contact any credit card companies that you used to transact with Epik and notify them of a potential data compromise to discuss your options with them directly. Should you observe any unauthorized activity, please document and report it immediately.
    We are notifying you because we consider your privacy and security our single greatest priority. Our mission to provide legendary service to all customers remains unchanged. We appreciate your support as we work through the full resolution of this situation, and we will continue to provide you with ongoing updates as we learn more.
    Thank you,

    Epik Security Team

  • My name is now [MERGE_FIRST_NAME]

    They're offering Experian’s IdentityWorks free for two years, which is great because my free subscription from another data breach is about to expire. laughcry

  • @Daniel15 said:
    My name is now [MERGE_FIRST_NAME]

    They're offering Experian’s IdentityWorks free for two years, which is great because my free subscription from another data breach is about to expire. laughcry

    There's only one subscription purchased, allocated to [MERGE_FIRST_NAME].

  • A just leaked a second batch. Bootable disk images of several of their servers... Ouch.

  • @Saragoldfarb said:
    A just leaked a second batch. Bootable disk images of several of their servers... Ouch.

    C'mon Sara, fess up, you nearly said "I just leaked a second batch." Freudian slip? Guilty conscience? >:)

    Thanked by 1Saragoldfarb
  • @TimboJones said:

    @Saragoldfarb said:
    A just leaked a second batch. Bootable disk images of several of their servers... Ouch.

    C'mon Sara, fess up, you nearly said "I just leaked a second batch." Freudian slip? Guilty conscience? >:)

    Freudian slip... Hate to disappoint you. Guilty conscience? Most definitely :)

    Thanked by 1TimboJones
  • JasonMJasonM Member
    edited October 2021

    @Saragoldfarb said: A just leaked a second batch. Bootable disk images of several of their servers... Ouch.

    yup! the new domain registrations at Epik has slipped down since Epic Fail.

    from registrar stats

    On some days the graph shows a jump in registrations as many namepros forum members who are Rob Monster's supporters registered new domains and/or transferred-in to Epik to show solidarity towards (Rob) Monster.

    Even their customers are transferring domains out!

  • AlwaysSkintAlwaysSkint Member
    edited October 2021

    Best thread in a while!
    1. primary reason why not to store access keys at your provider.
    2. @jsg swearing like a trooper - 1st time that I've seen this. :cold_sweat:

    Thanked by 2jsg JasonM
  • @AlwaysSkint said: primary reason why not to store access keys at your provider.

    also the major leak was the domains' protected-whois data which got leaked. Lots of far-right, pro nazi, neo nazi, etc. or even people running scam/phishing sites using whois-protection at Epik got all their personal names/address/email exposed to the public (assuming they provided correct/real information while registering domains at Epik).

  • MannDudeMannDude Host Rep, Veteran

    @JasonM said:

    @AlwaysSkint said: primary reason why not to store access keys at your provider.

    also the major leak was the domains' protected-whois data which got leaked. Lots of far-right, pro nazi, neo nazi, etc. or even people running scam/phishing sites using whois-protection at Epik got all their personal names/address/email exposed to the public (assuming they provided correct/real information while registering domains at Epik).

    Also just a lot of regular people, who were attracted to good deals and now have their personal details leaked who are at risk of being put on a "nazi list" by SJWs who think everyone who had a domain there was some far right extremist or something.

  • HarambeHarambe Member, Host Rep

    @MannDude said:
    Also just a lot of regular people, who were attracted to good deals and now have their personal details leaked who are at risk of being put on a "nazi list" by SJWs who think everyone who had a domain there was some far right extremist or something.

    Yep. They were able to register some unique ccTLDs that failed to process at other registrars and had some of the better pricing for them.

    Also a lot of idiots are going through the data and not realizing that there's a difference between the whois and customer databases. There's a whois.sql dump in there with whois details on 10s of millions of domains, not just their own registrations.

Sign In or Register to comment.