Epik hack: what we know & what you should do

What customers and other registrars should do to protect themselves until we know more.

[Image: the words "operation epik fail". Caption: Hackers have infiltrated Epik.]

Domain name registrar Epik was hacked this week, and the hackers published reams of data online.

A group saying it’s aligned with the hacker collective Anonymous posted a release about the hack earlier this week. It says the reason for the attack is that Epik caters to far-right and extremist websites. After Epik seemed to waffle on whether there was a hack, the hackers made it public on Epik’s website itself.

The hackers published the data dump online, and security researchers are starting to comb through the data to see what was leaked.

Various sources have confirmed that the data includes registrant details behind many of the domains registered at Epik using Whois privacy. Both The Daily Dot and The Record have spoken with people whose data was released and confirmed that they were the registrants of the corresponding domain names.

A security engineer told The Daily Dot that the data includes the auth codes required to transfer domains to another registrar. It’s unclear if this data is tied to individual domains. This same engineer told The Daily Dot that the data includes WordPress admin passwords that people could use to take over Epik customers’ websites; I’m surprised by this because I wasn’t aware that these passwords were stored in any way that could be tied to a host.

The net-net is that we don’t know the full extent of the damage yet, but it looks bad.

This gets to how both Epik customers and other domain registrars can protect themselves and domain registrants.

At this point, Epik customers should hope for the best but plan for the worst. They should work on the assumption that their passwords have been exposed. If you re-use passwords at other sites (which you shouldn’t), you should change them to something unique. For safety’s sake, Epik customers should also assume that people have what’s needed to initiate a registrar transfer. With this in mind, I recommend domain owners use a system that tracks domain changes. DomainIQ and DomainTools offer trackers for this.

I’ve heard from some people trying to delete their Epik accounts. I don’t think this will help at this point; the data is already leaked.

Registrars should keep their eyes open for unusual transfer-in requests from Epik. I imagine some Epik customers are transferring their domains right now, but registrars should monitor this to ensure they aren’t being stolen.
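The kind of domain change tracking recommended above can be sketched as a diff between two registration snapshots. This is an added example, not code from the article or from DomainIQ or DomainTools; it assumes the snapshots are RDAP domain objects, and the two records, registrar handles and dates below are constructed sample data.

```python
# Added example: diff two RDAP snapshots of one domain and flag hijack indicators.
# BASELINE and LATEST are constructed sample records, not real registrations.
BASELINE = {
    "ldhName": "example.com",
    "status": ["client transfer prohibited"],
    "entities": [{"handle": "REGISTRAR-A", "roles": ["registrar"]}],
    "nameservers": [{"ldhName": "NS1.EXAMPLE.NET"}, {"ldhName": "NS2.EXAMPLE.NET"}],
    "events": [{"eventAction": "registration", "eventDate": "2015-01-01T00:00:00Z"}],
}
LATEST = {
    "ldhName": "example.com",
    "status": ["active"],
    "entities": [{"handle": "REGISTRAR-B", "roles": ["registrar"]}],
    "nameservers": [{"ldhName": "ns1.example.org"}],
    "events": [{"eventAction": "registration", "eventDate": "2015-01-01T00:00:00Z"},
               {"eventAction": "transfer", "eventDate": "2021-09-17T03:12:00Z"}],
}

def summarize(rdap):
    """Reduce an RDAP domain object to the fields that matter for transfer monitoring."""
    registrar = next((e.get("handle") for e in rdap.get("entities", [])
                      if "registrar" in e.get("roles", [])), None)
    events = {e["eventAction"]: e["eventDate"] for e in rdap.get("events", [])}
    return {
        "registrar": registrar,
        # Host names are case-insensitive, so normalise before comparing.
        "nameservers": sorted(ns["ldhName"].lower() for ns in rdap.get("nameservers", [])),
        "transfer_locked": "client transfer prohibited" in rdap.get("status", []),
        "last_transfer": events.get("transfer"),
    }

def diff_snapshots(old, new):
    """Return alert strings for security-relevant changes between two snapshots."""
    a, b = summarize(old), summarize(new)
    alerts = []
    if a["registrar"] != b["registrar"]:
        alerts.append(f"registrar changed: {a['registrar']} -> {b['registrar']}")
    if a["nameservers"] != b["nameservers"]:
        alerts.append(f"nameservers changed: {a['nameservers']} -> {b['nameservers']}")
    if a["transfer_locked"] and not b["transfer_locked"]:
        alerts.append("transfer lock removed")
    if a["last_transfer"] != b["last_transfer"]:
        alerts.append(f"new transfer event at {b['last_transfer']}")
    return alerts

if __name__ == "__main__":
    for alert in diff_snapshots(BASELINE, LATEST):
        print("ALERT:", alert)
```

Any alert the domain owner did not initiate is a reason to contact the registrar immediately, since a completed transfer is harder to reverse than a pending one.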

Comments

  1. Rob Monster - Epik.com says

    Quick comments here:

    – Cybersecurity teams have worked diligently to secure all systems
    – The Epik Single-Sign-On is separate and was not impacted
    – No unauthorized domain transfers have occurred to our knowledge
    – All auth codes have been refreshed … twice!

    We have strong reason to believe that this incident was for a remote backup of legacy registrar data that was stored at a well-known and major external host.

    We appreciate the outpouring of support from the industry. Although I have declined press interviews, I have been in contact with many customers.

    The object lesson is that Cybersecurity is a really big deal. It is our top priority in 2021. We have several significant initiatives already in progress. Stay tuned.

    In the meantime, for those who want to show solidarity with Epik, I recommend the $6.99 .com unlimited domain transfer.

    • Not a Weak Leader says

      Robin Monster said “It could happen to anybody” in regards to the hack. But it didn’t happen to anybody, it happened to you b/c of your immoral soul and the low quality employees you hire. Stop being a weak leader and do press interviews. If you had any stones, you would.

      • Ethan Taylor says

        Speaking of leadership, a good leader is supposed to show professionalism rather than defamation of others. Please understand that describing others’ souls in a defamatory way without proper evidence constitutes personal attack and also goes beyond the limits of free speech.

    • Michael Scheidell, CCISP says

      and are you going to hire actual infosec people? led by a CISO with authority to check, recommend, mitigate BEFORE you get hacked again?
      What about people who are trying to transfer out before the hackers do? why are you blocking them?

  2. Truth says

    Every time I see these crazed left wing cult members attack innocent people either physically, which they do on a regular basis, or illegally attack innocent people to try to intimidate them and remove them from the internet because of their opinions I think, Wait a second, who are the fascists? I hope one day they realize who the fascists really are. Something tells me they don’t have the intellect for introspection. “Lulz”

  3. Jose says

    Outraged that fascists write, have any of you by chance lived in a Fascist Military Dictatorship 30 years of life?
    I never whisk hay you what my grandparents (Rip) parents (Rip) and myself went through with fascism totally authoritarian

  4. John R. says

    In the same breath that MONSTER says he was hacked, he also says “come over to Epik for $6.99” HOW STUPID DOES HE THINK DOMAINERS ARE?!

    • David says

      Stupid is when people place their own opinions and ego above facts.
      Billion dollar Corporations for decades have lost millions of records with SS numbers, names, addresses, DOB etc things that can’t be changed or repaired, but a Registrar gets hacked and is the end of the World.
      For sure if this did happen to GoDaddy or another Registrar you wouldn’t read it with all this negative intent.
      People have been using for month 6.99 fee and was available before the hack, to change a password on accounts is no big deal, so what’s all this fuss.
      Best customer support, have 2500 names and not moving 1 btw I moved 500 before Sept 1st.
      Customers that work with Epik know better.

      For sure when Amex lost all the data of millions people cancelled their cards.

      • Research it says

        Is it stupid when people who work for Epik write comments that their domains are safe with Epik? How sad is it that your Anonymize Whois is public from the hack and the public can confirm you work for Epik?

    • David says

      I am one of those stupid that have moved 500 before the hack and will continue moving.
      My 2500 names have never been more secured, names have been stolen from many Registrars including GoDaddy and people never moved their names,
      btw have 1500 names at GD and feel very secure too.

  5. joesaba2014 says

    It’s funny Epik sends an email so that I be careful with the credit card to use with them, the bank has blocked it and now I receive an email from Epik that tomorrow two domains expire, they expire.
