Epik was hacked

Epik domains

Yes, it appears that the registrar Epik was hacked by a group called Anonymous.

Yes, there was a website at epikfail.win with the info you can see below. (Website is now down.)

Yes, there are a couple of torrents with all the hacked data and thousands of people downloading them.

According to the hackers, the contents include:

  • All domain purchases
  • All domain transfers in/out
  • All whois history
  • All DNS changes
  • All email forwards, catch-alls, etc
  • Payment history (no credit card data)
  • Account credentials
  • Over 500,000 private keys
  • A dump of an employee’s mailbox
  • Git repositories
  • /home/ and /root/ directories of one of their core systems

Yes, that is all I can say at the moment.

Here is what Rob Monster said in an email today:

“At Epik, we take security and the privacy of your information very seriously. Therefore as a precautionary measure, I am writing to inform you of an alleged security incident involving Epik.

Our internal team, working with external experts, have been working diligently to address the situation. We are taking proactive steps to resolve the issue. We will update you on our progress. In the meantime please let us know if you detect any unusual account activity. I am proud of our team’s efforts as we do our part to empower a thriving internet for the benefit of our customers around the world.

You are in our prayers today. We are grateful for your support and prayer. When situations arise where individuals might not have honorable intentions, I pray for them. I believe that what the enemy intends for evil, God invariably transforms into good.

Blessings to you all.

Regards,

Rob Monster
Founder and CEO
Epik Holdings Inc”

And here is an update from Rob:

“By now, most of you will have seen our first official update sent via email today.

Quick supplemental update:

– Cyber forensic work is moving swiftly.

– Our engineers believe the hack is of an aged remote backup, not of Epik’s core production.

– No customer domains have been impaired to our knowledge. More domains arrived today than left Epik.

– Our support team is doing an excellent job.

Cyber security is no joke. If this can be done to Epik, it can be done to anyone. As it was, we were already in the process of heavily investing in this arena. Lord-willing, we will once again emerge stronger from the experience.

On a personal note, I am thankful for the outpouring of support. May those of you who choose to stand with Epik all be greatly blessed, both in this life, and the one to come.

Regards,

Rob”

This was the content of the website epikfail.win: (I have only removed the link to the torrent with all the hacked data and a password.)

*****************************************************************************************
________                                     __   .__
\_____  \  ______    ____  _______ _____   _/  |_ |__|  ____    ____
 /   |   \ \____ \ _/ __ \ \_  __ \\__  \  \   __\|  | /  _ \  /    \
/    |    \|  |_> >\  ___/  |  | \/ / __ \_ |  |  |  |(  <_> )|   |  \
\_______  /|   __/  \___  > |__|   (____  / |__|  |__| \____/ |___|  /
        \/ |__|         \/              \/                         \/
 ________   _______    _____   ___  ____      ________        _        _____    _____
|_   __  | |_   __ \  |_   _| |_  ||_  _|    |_   __  |      / \      |_   _|  |_   _|
  | |_ \_|   | |__) |   | |     | |_/ /        | |_ \_|     / _ \       | |      | |
  |  _| _    |  ___/    | |     |  __'.        |  _|       / ___ \      | |      | |   _
 _| |__/ |  _| |_      _| |_   _| |  \ \_     _| |_      _/ /   \ \_   _| |_    _| |__/ |
|________| |_____|    |_____| |____||____|   |_____|    |____| |____| |_____|  |________|

*****************************************************************************************

OFFICIAL ANONYMOUS (not to be confused with 'Anonymous Official' grifters) PRESS RELEASE
SEPTEMBER 13, 2021
NOTORIOUS "HACKERS ON ESTRADIOL" PRESENT GRAND REVEAL
OF ROB "HITLER SHOULD'VE WON" MONSTER'S EPIK FAILURE

You know, when you name a company "Epik",
that implies something really big's going to happen.
Deserving of the name.
Well, after years of bolstering the worst trash the Internet has to offer,
this is, truly, the Epik moment we've all been waiting for.

Contained within this release, the following delicious morsels
that will surely be digested for months to come:

A decade's worth of data from the company. That's right, everybody.

Time to find out who in your family secretly ran an Ivermectin horse porn fetish site,
disinfo publishing outfit, or yet another QAnon hellhole.

Want to know when a nation-state decided to offer hosting to some domestic terror groups,
without those pesky DDoS mitigating reverse proxies getting in your way?
Want to know the identity of the owner of a domain or large set of domains
used in yet another influence/information operation?
Decloak origin IPs of nazi websites for further investigation, poking, prodding!
Map out a decade of online fash with a level of clarity nobody has been able to UNTIL NOW!

WHAT YOU GET FOR THE LOW LOW PRICE OF $0.00

* All domain purchases
* All domain transfers in/out
* All whois history, unredacted
* All DNS changes
* All email forwards, catch-alls, etc
* Payment history (no credit card data, don't get excited, FBI, we're not in that game)
* Account credentials for:
  all Epik customers, hosting, Anonymize VPN, and so on
  Epik internal systems, servers
  Epik's GoDaddy logins
  ...and more! IN PLAINTEXT! That's right, Epik barely hashed a damn thing!
  When we saw hashes, they were merely unsalted MD5
  Here's one such sample that made us upset for daring to use "anon":
    Rob Monster ****@epik.com ******** ************ (cracked: willem)
  Yep, these Russian developers they hired are actually just that bad.
  They probably enjoyed snooping through all of your shit just as much as we did.
* Over 500,000 private keys. What are they for? Who knows!
* We think we spotted a bunch of Anonymize OpenVPN profiles in this,
  but we were too disgusted with the above to continue digging.
* A dump of an employee's mailbox, just because we could.
* Git repositories for whatever internal applications!
* SSH keys!
* /home/ and /root/ directories of one of their core systems!

This dataset is all that's needed to trace actual ownership and management of the fascist side
of the Internet that has eluded researchers, activists, and, well, just about everybody.
And maybe have a little extra fun. For the lulz.

Is it possible to own a company as hard as this? We sure love to see it.
Good luck with the rebrand, Robby boy. Herd u liek mudkipz.

Monero tips for the inevitable legal bills, for
when the FBI kicks down OVER 9000 doors after this utterly
embarrasses everyone and outs one or more of their
poorly thought out stochastic terrorism plots
(GOOD LUCK WE'RE BEHIND SEVEN PROXIES)

49fTMEjqSZW5qKrJLwKjJZ2MHVYCbvsPo1ikwtxQTW66V3VTijgtJdFCukcKvvCnX7GYMqfgEVBGeQ4XJ1b6b45SQcfRCaq

Support your starving hacktivists, and they will bless you in turn.

So long, for now! Support #OperationJane and mess with Texas today!
Abortion is a human right!

Download OperationEpikFail.torrent

There's no use in denial, Rob Monster.

We are Anonymous
We are Legion
We do not Forgive
We do not Forget
 ___________
< EXPECT US >
 -----------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

The Internet Hate Machine hates fascists.

Signed,

              )      )       )       )     *         )            (
   (       ( /(   ( /(    ( /(    ( /(   (  `     ( /(            )\ )
   )\      )\())  )\())   )\())   )\())  )\))(    )\())      (   (()/(
((((_)(   ((_)\  ((_)\   ((_)\   ((_)\  ((_)()\  ((_)\       )\   /(_))
 )\ _ )\   _((_)   ((_)   _((_) __ ((_) (_()((_)   ((_)   _ ((_) (_))
 (_)_\(_) | \| |  / _ \  | \| | \ \ / / |  \/  |  / _ \  | | | | / __|
  / _ \   | .` | | (_) | | .` |  \ V /  | |\/| | | (_) | | |_| | \__ \
 /_/ \_\  |_|\_|  \___/  |_|\_|   |_|   |_|  |_|  \___/   \___/  |___/

About Konstantinos Zournas

Studied Computer Engineering and Computer Science in London, UK and now living in Athens, Greece. Love domains and building websites. Went online in 1995, learned about HTML in 1996 and about domains in 2002. Started publishing the OnlineDomain.com blog in 2012.

17 comments

  1. It was not anonymous.

    Anyone can claim to be “Anonymous”

    It was a fake anonymous, and downloading data as we speak even though I believe it was a bluff. NOT hack!

    PS: Epik has still never lost a domain!

    Samer

  2. FBI time for sure. But they will not be going after hackers. Neo-nazi, porn, nasty stuff nobody will touch, all exposed.

    New York Times, Washington Post, etc etc. will be digging big time. NYTimes have been running a few stories over time about Epik.

    Epik read.

  3. Andrew Allemann censored me at his thread about this at Domain Name Wire. Ironically, the comment he censored mentioned how stupid are those who support censorship and cancel culture. Here is my current reply about him having done that, since that might get censored too:

    “John says

    September 15, 2021 at 11:38 pm

    I can’t believe you censored my reply to MapleDots, Andrew. Why on earth would you do that? Appalling.”

    Link to that: https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/#comment-2266300.

    Here is the original comment he censored to begin with. Judge for yourselves whether this comment merited anything like that, ESPECIALLY in light of all the other comments he has *not* censored there. It was originally right under MapleDots.ca’s big comment beginning with “I left this tweet”:

    “John says

    September 15, 2021 at 10:24 am

    These are insanely evil times. People rejoice and celebrate over others they disagree with getting sick and dying from covid. Espouse denying healthcare to anyone who doesn’t take a dangerous experimental gene-hacking injection falsely called a “vaccine” for PR purposes, and contrary to all known proper medical and scientific principles about vaccination – even according to the inventor of mRNA technology itself and other distinguished doctors and scientists, including vaccinologists and those who are pro-vaccine no less. Rejoice over censorship and cancel culture, until it comes back to bite them in some cases as is virtually inevitable.

    It is impossible to even adequately express how stupid those who support censorship and cancel culture are. Stupid is not about lacking intelligence. You can be one of the most intelligent people in the world and still be dumber than a rock. Stupid is about culpable foolishness, no matter how intelligent you are. In fact, the irony is that the more intelligent you are, the more culpably stupid you are when you engage in such things.”

    • Update: Andrew may have put me on approval-only status there after my last reply. I have two replies “awaiting moderation” now. They are these:

      1. Reply to Jonathan for his comment at https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/#comment-2266319:

      “John says

      September 16, 2021 at 9:56 pm

      Your comment is awaiting moderation.

      Jonathan, Andrew’s reply is a pretext. Unfortunately, however, he is no doubt lying to himself to justify and put the right spin on what he did in deleting my comment, and doubtless even believes it himself and is not even fully aware that he is lying to himself. That’s what people do. That is the human condition for this age. Are you very familiar with the Bible? This is a famous quote from it, and one we would all do well to be familiar with as it applies to all of us: “The heart is more deceitful than all else And is desperately sick; Who can understand it?” (Jeremiah 17:9) After all, what is he going to do, admit that he engaged in censorship and is anti-free speech? This is also not the first time Andrew has demonstrated a lamentable disposition when it comes to censorship and free speech in society in general. I have a direct reply to him below “awaiting moderation,” so perhaps he even put me on approval-only status.”

      2. Reply to Andrew for his comment at https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/#comment-2266306:

      “John says

      September 16, 2021 at 9:45 pm

      Your comment is awaiting moderation.

      It was 100% germane to the topic, Andrew. You are practicing self-deceit to justify your action. That’s what people do. And it was even 100% illustrative of the reason why this entire matter relating to Epik has even taken place, as is what you did here no less.

      You would have had no problem if someone had germanely included mention of what is going on in society regarding the topic of the supposed vaccines, medicine and science if it had been in agreement with what a person like you is sadly all but 100% predictable to view as correct and acceptable “information,” i.e. the official mainstream narrative. Almost 100% predictably, you just didn’t like someone germanely including mention of it in a way you didn’t like because of your mentality. Read the copy of my comment you removed posted elsewhere if you don’t still have it. You are among those who are *more* culpable about an action and attitude like this rather than less. As in, you should seriously know better, though sadly you are far from alone, which is the problem.”

    • Update: Andrew may have put me on approval-only status there after my last reply. I have two replies “awaiting moderation” now. I have a larger reply showing both comments here too, but there are two links in it, so that may be pending moderation only because of having the two links. That is common for three, but I seriously doubt Konstantinos actually put me on “approval only.” And if this one even appears it shows he didn’t, at least for anything without a link. I would also like to mention again as I have before that I give equal opportunity “link love” to all the blogs, so I have also linked from the other to OnlineDomain.com many times too. 🙂

      • LOL, looks like Konstantinos may have even approved my first comment while I was typing this one since both posted just now. 🙂

    • Konstantinos Zournas

      John,
      I will tolerate almost anything from anyone but…
      I will not tolerate any anti-vax bullshit.
      I am pretty clear on this. Your anti-vaccine comment WILL be deleted.
      Thanks

      • It is not an anti-vaccine comment, Konstantinos. I thought you were far more aware of what is going on in this world than that, and even what is going on in my own country. I love a good vaccine that is truly safe and good, and truly a vaccine. Do you think the inventor of mRNA technology himself, Dr. Robert Malone, is anti-vaccine too? And all the other pro-vaccine scientists and doctors who don’t toe the official narrative and “party line”? Are you not even aware of what is really happening now that the latest so-called vaccines have been pushed as much as they have, exactly what was warned about, or do you simply buy whatever mainstream media tells you? I would think again, and look a little deeper. But the point in the censored comment here was not about vaccines, but about censorship and “cancel culture” and people’s animosity and hatred over it.

      • Konstantinos Zournas

        I have been building software for monitoring clinical trials since 2010 and I have been involved in statistical analysis etc.
        My wife has been working in pharma companies for 20 years.
        I suggest you don’t talk about shit you don’t know and stop this anti-vax narrative that is killing people all over the world.
        I don’t fucking listen to Malone or the media. I follow the facts and stats.
        This is strike 2 for you.

  4. Update #2 – this is just food for thought because of something particularly noticeable in the supposed “Anonymous” diatribe included with this hack. This is a comment I have “awaiting moderation” over at Domain Name Wire in Andrew’s second and latest thread about it there:

    domainnamewire . com/2021/09/16/epik-hack-what-we-know-what-you-should-do

    “John says

    September 16, 2021 at 11:43 pm

    Your comment is awaiting moderation.

    Speaking of saying “I question” as Andrew did above, I question this from the supposed “Anonymous” diatribe:

    “Time to find out who in your family secretly ran an Ivermectin horse porn fetish site”

    It’s too bad Andrew removed my comment in his first thread about this where I went into important realities about what it really means to be “stupid” even when one is “intelligent.”

    If this “Anonymous” group really exists, or more importantly really still exists, I think it’s safe to say it requires a remarkable bit of “intelligence” to do what they do, yes? I spent part of my life in IT myself, so that’s a yes.

    Normally we think of “stupid” as unintelligent, but my removed comment referred to above takes a different approach. In this case, however, I will use the term “stupid” in the more normal sense, but I will still include the element of culpability along with “stupid,” as in no excuse.

    Ergo, this is what I question:

    How is it humanly possible for people associated with “Anonymous,” who are otherwise almost necessarily so “intelligent,” to be so horrifically and culpably stupid as to perpetuate and persist in the patently and demonstrably false and lying mainstream media spin about Ivermectin and horses with a quip like that?

    From where I’m sitting, it looks more like whoever wrote that actually messed up with that for this little “operation.”

    Is it humanly possible for people so otherwise intelligent and mentally talented to be so utterly stupid?

    More importantly, is it humanly possible for that kind of stupidity to even be believable, credible, genuine?

    I would suggest for the more thoughtful and experienced reader’s contemplation that such stupidity is straining in a big way when it comes to being credible and believable as being genuine stupidity and ignorance.

    Which should lead you to wonder about who and what the real *source* of any such hack has really been after all. I will by no means merely accept at face value that it has been this “Anonymous” group. Or pesky “foreign agents.” But there is another possible option that would not surprise me at all, not even one bit.

    And let’s see if Andrew even allows this comment to appear since it seems he may have put me on “approval only” after the last thread.”

  5. I am 68 years old with a portfolio of 552 domains divided between Uniregistry, Epik, etc. After this I give my entire portfolio to a domain broker to manage, etc.
    I do this because I cannot lose my investment domains that have worked, and this does not give me peace.
