Domain Name Wire | Domain Name News

Domain Name Industry News

Featured Domains

register.to

Epik breach: credit card woes, Whois data

by Domain Registrars 3 Comments

Credit card exposure from breach could have a major impact on customers.

Picture of credit card in someone's hand with the word "Epik Security Breach"

Credit card data, which apparently includes CVV data, was exposed in the Epik breach.

I’ve been writing a lot about the Epik security breach, and you can expect to hear a lot more in the coming weeks as more details come out.

Yesterday, I published an email from Epik stating that it might be worth taking precautionary measures with credit card data. If you’ve ever bought anything online, this isn’t the end of the world. Numbers get stolen all of the time, even from the biggest retailers. But in Epik’s case, it appears that the company was storing CVV codes as well, which is a big no-no. These are the three and four-digit codes that are usually on the back of the card that are used for verification. Merchants are supposed to only use it for authorization and not store the number.

The other big news is that a bunch of scraped Whois records of non-customers were included in the breach. I have a couple of thoughts about this.

First, you should understand the history of Epik. The company entered the domain registrar business with the acquisition of Intrust Domains in 2011. Intrust was notorious for spamming people to sell them expiring domains. And, although Epik told me at the time that it didn’t acquire the email marketing part of Intrust, Epik itself was known for trying to sell domains via unsolicited email. (In a public video chat about the hack, Epik CEO Rob Monster confirmed that the early code base it acquired from Intrust was built on “shitty Russian code”, and that some of it is still in production.)

So it’s no surprise that the company has lots of Whois data. In fact, I wonder if it has a lot more than what was breached. Last year, Epik’s VP of Communications threatened people who were saying bad things about Epik by writing, “I am one of few individuals on this planet with the capacity to email 300 million people in fifteen seconds, with a full media agency and PR firm behind me.” I have no idea where that email data he referred to comes from and where it is stored.

Is the exposed Whois data a big deal? Yes and no. On the one hand, all of this data was public and probably scraped by plenty of spammers. On the other hand, this data can easily be used to spam people now. And certainly, people are going to be upset that their data was re-exposed by a company they’ve never heard of, so it’s going to be another large headache for the domain registrar as it works through recovering from the hack.

 

Epik sends hack notice, warns on credit cards

by Domain Registrars 14 Comments

Registrar says payment card information may have been compromised.

Image with the words "operation epik fail"

An anonymous group said it has hacked domain name registrar Epik and downloaded significant data.

Late Saturday night, domain name registrar Epik sent an email to customers confirming the hack that was widely reported last week. This comes after one official email communication from the company, as well as a few blog and Twitter responses and a multi-hour live online meeting that included arguments with a doxxing victim and an appearance by a neo-Nazi.

The email warns customers to take precautions and suggests that customers consider contacting their credit card companies to warn them that their credit card information may have been compromised. The full email is below:

Hello,

We are contacting you to notify you of an urgent security notice. Despite the extensive security practices we use to protect our platforms and customer information, we have confirmed an unauthorized intrusion into some of our domain-related systems.

We have mobilized the full force of multiple cyber security teams to assess the scope of this intrusion. We are taking aggressive action to completely secure and remediate all potentially affected systems, while complying with all applicable laws. As we work to confirm all related details, we are taking an approach toward maximum caution and urging customers to remain alert for any unusual activity they may observe regarding their information used for our services – this may include payment information including credit card numbers, registered names, usernames, emails, and passwords.

At this time, we have not confirmed that your card information has been compromised. As a precautionary measure, you may choose to contact any credit card companies that you used to transact with Epik and notify them of a potential data compromise to discuss your options with them directly. Should you observe any unauthorized activity, please document and report it immediately.

We are notifying you because we consider your privacy and security our single greatest priority. Our mission to provide legendary service to all customers remains unchanged. We appreciate your support as we work through the full resolution of this situation, and we will continue to provide you with ongoing updates as we learn more.

Thank you,

Epik Security Team

Epik hack: what we know & what you should do

by Domain Registrars 17 Comments

What customers and other registrars should do to protect themselves until we know more.

Image with the words "operation epik fail"

Hackers have infiltrated Epik.

Domain name registrar Epik was hacked this week, and the hackers published reams of data online.

A group saying it’s aligned with the hacker collective Anonymous posted a release about the hack earlier this week. It says that the reason for the attack is that Epik caters to the far-right and extremist websites. After Epik seemed to waffle on whether there was a hack, the hackers made it public on Epik’s website itself.

The hackers published the data dump online, and security researchers are starting to comb through the data to see what was leaked.

Various sources have confirmed that the data includes registrant details behind many of the domains registered at Epik using Whois privacy. Both The Daily Dot and The Record have spoken with people whose data was released and confirmed that they were the registrants of the corresponding domain names.

A security engineer told The Daily Dot that the data includes the auth codes required to transfer domains to another registrar. It’s unclear if this data is tied to individual domains. This same engineer told The Daily Dot that the data includes WordPress admin passwords that people could use to take over Epik customers’ websites; I’m surprised by this because I wasn’t aware that these passwords were stored in any way that could be tied to a host.

The net-net is that we don’t know the full extent of the damage yet, but it looks bad.

This gets to how both Epik customers and other domain registrars can protect themselves and domain registrants.

At this point, Epik customers should hope for the best but plan for the worst. They should work on the assumption that their passwords have been exposed. If you re-use passwords at other sites (which you shouldn’t), you should change them to something unique. For safety’s sake, Epik customers should also assume that people have what’s needed to initiate a registrar transfer. With this in mind, I recommend domain owners use a system that tracks domain changes. DomainIQ and DomainTools offer trackers for this.

I’ve heard from some people trying to delete their Epik accounts. I don’t think this will help at this point; the data is already leaked.

Registrars should keep their eyes open for unusual transfer-in requests from Epik. I imagine some Epik customers are transferring their domains right now, but registrars should monitor this to ensure they aren’t being stolen.

Hackers claim significant Epik breach

by Domain Registrars 58 Comments

A group claims that it has hacked Epik and downloaded significant data.

Image with the words "operation epik fail"

An anonymous group said it has hacked domain name registrar Epik and downloaded significant data.

A group says it has hacked domain name registrar Epik and released a trove of data online.

A posting (see PDF version) claims that the hackers gained access to data about all domain purchases, transfers, all Whois history (unredacted), all email forwards, account credentials for customers, internal systems, and a lot more.

I have not independently verified the veracity of the claims, nor reviewed the large file the hackers released. I reached out to Epik CEO Rob Monster this morning to ask for a comment but did not immediately hear back. At the time of publishing, Epik has not posted anything to its blog, news page, or official twitter account regarding the apparent incident.

However, Monster responded to one of the people who tweeted about the hack yesterday, linking to a domain registered at Epik that says negative things about the person who posted the link. The tweet states, “Chad – I know that you are keen to get a client of Epik to take down a damning URL that does not reveal your highest self. I try hard to give everyone the benefit of the doubt but your latest tactic needs to stop right now.”

It’s unclear if Monster is suggesting that the person had anything to do with the hack, and the tweet doesn’t deny that Epik was hacked.

The apparent hack appears to be in response to Epik being a favored registrar for far-right sites. The hack notice states:

NOTORIOUS “HACKERS ON ESTRADIOL” PRESENT GRAND REVEAL OF ROB “HITLER SHOULD’VE WON” MONSTER’S EPIK FAILURE

You know, when you name a company “Epik”,
that implies something really big’s going to happen.
Deserving of the name.
Well, after years of bolstering the worst trash the Internet has to offer,
this is, truly, the Epik moment we’ve all been waiting for.

It also mentions recent efforts to take down an anti-abortion website.

Epik came under fire this month when a Texas anti-abortion group moved its “whistleblower” domain name to Epik after GoDaddy asked it to leave. Epik quickly shut the site down too. Epik said the site, which asked people to submit information about people in Texas getting abortions, violated its terms and asked the group to remove the content.

On Tuesday evening, Rob Monster responded: “We are assessing and don’t have any evidence of any domains compromised. Our team has been diligently assessing the claims and proactively securing systems.”

On Wednesday, September 15, Epik C”EO Rob Monster sent this message to customers:

At Epik, we take security and the privacy of your information very seriously. Therefore as a precautionary measure, I am writing to inform you of an alleged security incident involving Epik.

Our internal team, working with external experts, have been working diligently to address the situation. We are taking proactive steps to resolve the issue. We will update you on our progress. In the meantime please let us know if you detect any unusual account activity. I am proud of our team’s efforts as we do our part to empower a thriving internet for the benefit of our customers around the world.

You are in our prayers today. We are grateful for your support and prayer. When situations arise where individuals might not have honorable intentions, I pray for them. I believe that what the enemy intends for evil, God invariably transforms into good.

Blessings to you all.

 

Who’s on top? .Com Leaderboard update

by Domain Registrars 0 Comments

These are the fastest growing and largest domain name registrars for .com domains.

Picture of a column chart and a magnifying glass with the words ".com leaderboard"

ICANN has published the latest official data from Verisign (NASDAQ: VRSN) about the .com namespace. This registrar-by-registrar report covers May 2021.

CentralNic surged back into the top 10 for monthly registrations with a strong performance at its Internet BS registrar. Other than that, there’s not much noteworthy this month…other than strong numbers for .com registrations overall.

Here’s how registrars did in terms of new .com registrations in May:

1. GoDaddy.com* (NYSE: GDDY) 1,012,078 (943,953 in April)
2. Namecheap Inc. 279,546 (268,394)
3. Alibaba (HiChina) 223,588 (236,681)
4. CentralNic^^ 179,098 (AIM: CNIC)
4. Newfold Digital+ 178,969 (181,739)
5. Tucows** (NASDAQ:TCX) 167,300 (166,169)
6. Google Inc. (NASDAQ: GOOGL) 162,262 (161,105)
7. Dynadot 148,815 (138,560)
8. NameSilo 107,059 (103,342)
9. Wix (NASDAQ: WIX) 98,571 (96,984)

Here’s the leaderboard of the top registrars in terms of total .com registrations under management as of the end of May.

1. GoDaddy* 56,259,057 56,324,284 (56,259,057 in April)
2. Newfold Digital+ 14,561,403 (14,551,259)
3. Tucows** 12,862,281 (12,924,199)
4. Namecheap 7,733,383 (7,631,693)
5. Alibaba 6,353,049 (6,271,240)
6. IONOS^  5,927,252 (5,942,360)
7. TurnCommerce++ 4,897,679 (4,789,133)
8. Google 4,539,761 (4,467,691)
9. CentralNic^^ 3,345,295 (3,218,595)
10. NameSilo 2,258,658 (2,196,964)

Many domain companies have multiple accreditations and I’ve tried to capture the largest ones. See the notes below.

* Includes GoDaddy, Wild West Domains, Uniregistry and 123 Reg
** Includes Tucows, Enom, Ascio and EPAG
+ Includes PDR, Domain.com, FastDomain, Bigrock, Network Solutions, Register.com, SnapNames registrars, and Crazy Domains/Dreamscape. There are other Newfold registrars, but these are the biggest.
++ Includes NameBright and DropCatch registrars
^ Includes 1&1, PSI, Cronon, United-Domains, Arsys and world4you
^^ Includes Key-Systems, 1API, Internet.bs, TLD Registrar Solutions, RegistryGate, Moniker, Instra

Domain Name Wire | Domain Name News