A group claims that it has hacked Epik and downloaded significant data.
A group says it has hacked domain name registrar Epik and released a trove of data online.
A posting (see PDF version) claims that the hackers gained access to data about all domain purchases, transfers, all Whois history (unredacted), all email forwards, account credentials for customers, internal systems, and a lot more.
I have not independently verified the veracity of the claims, nor reviewed the large file the hackers released. I reached out to Epik CEO Rob Monster this morning to ask for a comment but did not immediately hear back. At the time of publishing, Epik has not posted anything to its blog, news page, or official twitter account regarding the apparent incident.
However, Monster responded to one of the people who tweeted about the hack yesterday, linking to a domain registered at Epik that says negative things about the person who posted the link. The tweet states, “Chad – I know that you are keen to get a client of Epik to take down a damning URL that does not reveal your highest self. I try hard to give everyone the benefit of the doubt but your latest tactic needs to stop right now.”
It’s unclear if Monster is suggesting that the person had anything to do with the hack, and the tweet doesn’t deny that Epik was hacked.
The apparent hack appears to be in response to Epik being a favored registrar for far-right sites. The hack notice states:
NOTORIOUS “HACKERS ON ESTRADIOL” PRESENT GRAND REVEAL OF ROB “HITLER SHOULD’VE WON” MONSTER’S EPIK FAILURE
You know, when you name a company “Epik”,
that implies something really big’s going to happen.
Deserving of the name.
Well, after years of bolstering the worst trash the Internet has to offer,
this is, truly, the Epik moment we’ve all been waiting for.
It also mentions recent efforts to take down an anti-abortion website.
Epik came under fire this month when a Texas anti-abortion group moved its “whistleblower” domain name to Epik after GoDaddy asked it to leave. Epik quickly shut the site down too. Epik said the site, which asked people to submit information about people in Texas getting abortions, violated its terms and asked the group to remove the content.
On Tuesday evening, Rob Monster responded: “We are assessing and don’t have any evidence of any domains compromised. Our team has been diligently assessing the claims and proactively securing systems.”
On Wednesday, September 15, Epik C”EO Rob Monster sent this message to customers:
At Epik, we take security and the privacy of your information very seriously. Therefore as a precautionary measure, I am writing to inform you of an alleged security incident involving Epik.
Our internal team, working with external experts, have been working diligently to address the situation. We are taking proactive steps to resolve the issue. We will update you on our progress. In the meantime please let us know if you detect any unusual account activity. I am proud of our team’s efforts as we do our part to empower a thriving internet for the benefit of our customers around the world.
You are in our prayers today. We are grateful for your support and prayer. When situations arise where individuals might not have honorable intentions, I pray for them. I believe that what the enemy intends for evil, God invariably transforms into good.
Blessings to you all.
Karma!
Every thing you wanna know about Epik breach is on Namepros:
https://www.namepros.com/threads/1252094/
Epik is trash, which is why I transferred all of my domains out of there after learning that Robin Monster supports the scummiest people on this planet.
Great, but they still got your data
What he supports is freedom of speech, not your claimed scummiest people. Be careful of your remarks.
Rabbles about freedom of speech. Tells someone to be careful with what they say.
My my, aren’t you the sharpest spoon in the drawer today?
As long as I do not “cancel” others’ rights of speech, I do not contradict freedom of speech by asking others to be careful of their remarks.
In a civil society, people are supposed to be careful of their remarks. You and I are no exceptions, too. And I was not “rabbling”, so I suggest that you do not use that kind of provocative words.
Wow. Apparently if you say the wrong thing over the phone the Echelon system will flag your recording for further human analysis, and they’ll hunt you down within hours or even minutes. Any email or login on the internet or sms or call is recorded forever and they can trace you no matter what. But these amazing Anonymous people can do all their *magic* and NEVER get caught. Isn’t that amazing!?!?!? A little too amazing. Without a doubt that group is at the very least assisted, if not controlled by government organizations. And it’s also amazing that no other registrar was ever “hacked” to this extent… only that pesky Rob Monster’s registrar. Just like media is totally corrupted and controlled by the global mafia, so too is every other group or organization be they government or not. Looks like that same mafia may have done another hit on Rob. But we’ll wait and see if they really did hack them or not.
When the global mafia attack anyone, it is a sign that they are of good character. Of course only to those who have learnt to see how the world really is.
The cheers of joy displayed over this, no matter who was hacked/attacked, is also a clear indicator of character.
P.S. Even the title they gave this thing, “Operation Epik Fail”, reeks of a psychological operation to tarnish Rob and Epik. Why the fancy, catchy title? Real hackers don’t do that.
P.P.S. Certain (false flag) events are always traced to Russia, NK, Iran, etc. They are always confident of who did it. But of course they can never reach into the countries’ networks to find the exact perpetrators right? Well how about the fact that they own all the infrastructure in all 5 eyes countries as well as Europe, yet amazingly can never pinpoint who these Anonymous hackers are? Why can people not see something seriously wrong with this alleged Epik hack and all other stories? A little bit of critical thinking can expose it all, but relatively few have that skill.
It is a high risk registrar to use.
Stop the nonsense Snoopy.
Can imagine you getting on well with them John, two peas in a pod.
Didn’t you use to work at Epik Gomez
@snoopy Very high risk registrar to use.
What’s “high risk” are people like you, who support fascist attacks on those who happen to have different ideologies than yourself.It’s all fun and games as you make snide remarks online, until you’re the one who’s attacked one day by someone who disagrees with your beliefs.
I’m looking forward to:
• transferring more domains to a truly principled and truly patriotic registrar platform that respects and protects free speech and due process FOR ALL types of lawful citizens, speech, activity and clients like Epik soon.
And as “A different Rob” suggested above, in my experience when dealing with hateful sociopathic corruption, psychopathy and evil, including in government and among government bureaucrats and flunkies, you generally know you did something particularly good, right and true when this kind of thing is brought against you.
Ok many people who bought domains, and like any domainer they have accounts at every register … I get what and who they might be after but many innocent people have accounts there..
Exactly, and remember that Epik also has a reseller program, so they have plenty of customers who may not even know that they’re customers. Anyone cheering this on is sick in the head.
I wouldn’t expect that many Epik customers actually know anything about the company’s controversial positions. Sure, a bunch of domainers do, but they have a lot of non-domainer customers.
Please provide link to know how to delete account. Its hard to find it on epik.
Thanks
I don’t see any benefit to deleting an account there. The hackers only claim to have gotten a data dump. Even if it had passwords, that info is already out there. That said, this does remind me that we should perhaps delete accounts at sites we use when we no longer use that site/business.
Actually ICANN doesn’t really allow registrars to delete ALL data, they are obliged to keep it for a certain amount of years.
I do not feel sorry for anybody that does business with such an unprofessional company like that. Take this opportunity to move over to a real registrar.
Have you used their services? Their interfaces for customizing for-sale landing page and payment plan are professionally designed, as far as I can see.
I think you need to elaborate on why you consider the company unprofessional to prove that you really know what you’re talking about.
Here is an easy one. Because they do business and welcome business from traitors to the United States.
I would say they do business and welcome business from patriots to the United States.
I did IT for about 15 years of my life, though don’t think of me as only an “IT person” because that was only a chapter and a transition phase. I’m rather well rounded you might say.
In terms of the total package Epik is most definitely the best software and UI (user interface) of them all. A real and welcome treat after years without one like that.
So keep trying with the additional nonsense, trolls, and good luck with that.
Lol, “HACKERS ON ESTRADIOL”. Seriously? 😉
Someone don’t seem to correctly understand what they’re writing, there. Probably too occupied to think about the “nazi” and “hitler” dumb references. Yeah, “think” may not be the correct word, though.
By doing a search on “hackers on estradiol”, it seems to be a SONG. But no hacking group seem to go by that nickname (and I don’t see a lot of people with a brain choosing that…)
To me, this seems probably false and is just some (baseless) despicable denigrating (I also hope so, TBH). The further denigrating in the comments here is quite telling on the kind of low tactics.
I wish to apologize to Mr. Andrew Alleman, Author at Domain Name Wire.
With this written comment, because my first comment today time of Spain (EU) to not be published due to this post which to write was not appropriate and to send another which you did not deserve either.
All I can say is LOL… there’s such a thing called karma. BTW I love how monster keeps sending his minions to comment here to defend him it’s just hilarious to watch it’s like watching don trump JR defending his dad same level of vocabulary too!
So if all you misguided, biased and mistaken haters show up to spew your misguided hate that’s just normal, but if anyone comments in the other direction that’s just RM personally sending “minions”?
Speaking for myself, Andrew and many others have been seeing me comment here and in several of the other major blogs now for literally years. You’re going to have a hard time selling any of those bloggers or other regular commenters on the idea that I’m one of those “minions” rather than just an independent party only saying what he means and meaning what he says. You can bet the farm you’ll get no buyers for that.
I came here through Domaining.com and was not sent by anyone. Since you believe in karma as well, I advise you to desist from making unfounded accusation and defaming conservative people.
Sounds like somebody gets triggered pretty easy. A conservative snowflake?
I’m an alleged “minion” too apparently! I normally comment here as “Rob” but the Epik and Monster haters previously accused me of being Rob Monster or Rob Davis (??, whatever the other Rob is there) so I have to distinguish myself. How childish and petty. How many millions of Robs are there in the world?
*** Once again, it is the people who have accounts with Epik who are ultimately harmed here if it was a legit attack, but that critical point is so conveniently forgotten because the organized hate for Epik/Rob must take precedence. Anything to damage the business. And people with a conscience would know this, unless it is their job to perpetuate this hate. This shows clearly it is a psyop, a coordinated campaign.
But that’s okay. It is getting more clear by the day, even to those who have recently been totally blind, that not everything is as presented and much of the comments and “opinions” found online are just psyops and industry marketing. The world is slowly waking up. 🙂
I left this tweet on namepros
https://twitter.com/MapleDots/status/1438124151655616517?s=20
I was trying to say nobody deserves to be hacked and we must all support small busines. Namepros gave me a warning because the tweet tagged DNForum. I removed the tag, reposted and was then restricted on namepros.
The wild censorship at namepros is exactly why we need companies like Epik which stand for free speech. There is a lot of speech I disagree with at Epik but I support the right to have the free speech. Harming that ability would be a detriment to small business and free speech in general.
Anyone that supports this type of attack on a small business is wrong. There are lots of ways to show a company you disagree with them but breaching security and releasing client information is as low as it goes.
Does not matter if you support Epik or not, you cannot support this attack on all our freedoms, as well as on our personal security.
So I urge everyone to come together and show support to Epik and any small business that has been attacked in this way.
I am more than disappointed in namepros for their trivial deletion of both my tweets (links).
Do you support Epik’s “controversial positions”?
Yes or no.
Personally , I do support freedom of speech. YES.
And you, Snoopy, do you support hacking and exposing everybody’s personal information?
Snoopy,
It shouldn’t matter. The fact that you’re confronting random people on the internet, asking whether they agree or disagree with Rob’s personal beliefs says more about you than it does of them. You’re merely underscoring just how ideologically driven so many people are right now. The bottom line is you do not get to attack someone simply because you disagree with them. Apparently this is a concept that the extreme left fails to grasp, time and time again.
You do not support free speech. You deleted a thread you started on the hack at Epik. I guess it’s only ok to go at other registrars on your forum. When you do stuff like that, the other members notice. I’m sure some have accounts with them, this would be useful info to them.
Huh?
That was in reply to Mapledots. Side note, there are Twitter accounts like epikfailsnippet, leaking info from the breach
Yes, there was a reply that was deleted. Not a thread. This is a publication. You are welcome to comment on the posts but the comment has to be about the post. This isn’t a free for all where you can come in to discuss something completely unrelated to the post
Choose Epik because many other Uniregistry colleagues transfer domains to Epik.com then see what was interesting for me, cheaper price (Com) and Voodoo.com domain parking all for the same price.
Right now I have a very good portfolio of domains (Com),
I must confess to be honest that Epik has harmed me by not being able to sell my domains in Afternic, not being able to pay from Paypal.
I will not go to Epik, there have been other people from Epik who have reached out to me for their understanding and I am grateful to them.
Probably a “false flag” attack, as most of these things are.
Andrew you should take on a tinfoil hat manufacturer as an advertiser.
I’d make so much money that I’d quit blogging.
I can’t believe you censored my reply to MapleDots, Andrew. Why on earth would you do that? Appalling.
John, I give you a lot of leeway on commenting. But I’m not going to let you fill my comments section with comments that are not germane to the topic, especially misinformation about vaccines.
Andrew,
What’s germane to the topic are the specific motives behind this particular attack. Sadly (although not shockingly) these discussions are being censored on virtually every industry platform. Look no further that Mapledots above, how they were just censored over at namepros for simply speaking truth. Motive matters. Motive is everything. If we’re not even able to discuss the political and ideological motives behind this attack openly like adults, then we’re utterly screwed as a society. Those who are participating in this level of censorship are not on the right side of history, whether they are too naive to realize that or not..
Ignore Steven, people who cry about censorship are 99% of the time clueless to any thing they talking about. Every thing I read on this has been balanced, some supporting, some hating, some bashing, some scared, it’s all available on line to read. Every one cries if they dont see their opinion enough, it is the censorship! Censor! SHIP! CENSORSHIP! Bollocks
I love all these people trying to play this down as not real or a just a personal attack on Epik/Rob – they were very clearly hacked, seemingly because of very poor security and encryption, and you can literally download the data and see for yourself
Robert,
Any website can be hacked. Epik could have the security of the Pentagon, but if “team woke” decides to dismantle you, then you’re being dismantled. If there is indeed major security flaws at Epik, then that’s obviously an issue that needs to be addressed ASAP. That said, the tendency to conflate WHY he was attacked is rampant. Rob wasn’t attacked merely because there may have been extreme security flaws (which we still don’t know the full extent yet) He was attacked due to who Rob is personally, and the websites Epik chooses to host. This isn’t a mystery.
Rob Monster’s statement.
https://dnforum.com/threads/was-there-a-hack-data-breach-at-epik.599875/page-3#post-2345896
I have had many disagreements with Rob over the years, but I don’t understand how some people can say “karma” or be happy about this breach. As mentioned by others, a majority of Epik customers have no idea about Rob’s political stance. And in any case, he should be able to host whatever sites he wishes as long as they are lawful.
If Andrew hadn’t censored my reply to MapleDots.ca it would have shed some light on that.
You are probably just on auto moderation John given your past history of posting.
Over the years I’ve simply auto tuned out all of John’s postings when I see them. I see his name and then I immediately jump down to the next person’s comment. Saves me a ton of time and negative energy in my life. Who needs algorithms? It’s amazing what you can train your brain to do!
When I go to sign up for a new domain registrar, I see their services and prices, etc. If it is my interest to contact them, I never ask which political party is on the right or on the left.
Personal political issues should never become a professional business issue like Epik.com.
You have to separate the personal political beliefs from the professional in business, so there will never have been problems as they have been happening until the day of this attack.
I have been harmed like many other customer accounts in not being able to sell in Afternic, in not being able to pay from Paypal, to continue being a customer account, but I would ask for more moderation, opening the doors to understanding with Afternic and Paypal would be a very hopeful point.