Domain Industry News

According to a tweet from the Twitter account of Domaining.com, the Domaining.com website may have been compromised. I have not independently confirmed the veracity of the tweet:

Urgent: https://t.co/yvF1mB9mIF has been apparently compromised, login has been closed. We were not story any CC data but change your password in other services if you were using the same. More info later, sorry.

— Domaining.com (@DomainingCom) November 3, 2021

I do not have details about what information may have been accessed, but I would imagine a big concern for Domaining.com users is passwords. Users with accounts on Domaining.com should strongly consider changing duplicate passwords on other services. In addition, other industry service providers should be aware of this issue to be on the lookout for logins that may be utilizing duplicate passwords.

It is always advisable to not reuse passwords on different websites and platforms. You might also consider using different logins when possible. In addition, using 2 factor authentication is always recommended.

I hope Francois provides more information about this and highlights this on Domaining.com so more people are made aware of the issue.

If I learn more about this, I will share it.

If you or someone you know is looking for a job in the domain name business, Donuts posted a job opening for a Business Development Manager position. Donuts owns and operates just shy of 250 domain name extensions, including .Live, .Lawyer, .Fitness, and many more. The job listing can be viewed on LinkedIn.

There is no domain industry experience required for this sales-focused position, but I presume some level of domain name knowledge would be helpful. A great deal of the job emphasis is on helping partners sell the company’s domain names. Here’s an excerpt about the candidate Donuts is seeking to hire:

This morning on NamePros, a user named astrade shared an email he received from Escrow.com suggesting that a password reset may be necessary due to the “security breach at domain registrar Epik.” The email suggests that the recipient change the password for the account at Escrow.com. Another email shared on NamePros by an Escrow.com customer indicates that Escrow.com automatically reset the user’s password.

I reached out to Jackson Elsegood, General Manager at Escrow.com, and he confirmed that the email was sent by Escrow.com. I also asked Jackson who, in general, received this password reset email.

Here’s what Jackson told me:

🏆Together with @NamesCon we want to celebrate what a great #domainer community we have.

That’s why we’re excited to announce 5 new awards given to five domain community members for their great achievements and community-driven spirit!

And the winners are…

— Dan.com (@Undeveloped) September 23, 2021

This afternoon at NamesCon, Dan.com announced five domain industry achievement awards for 2021. The awards were given in the following categories to five deserving individuals:

• Most data-driven domainer of the year 2021 – Nikhail Jain
• Most community-driven domainer of the year 2021 – Leanne McMahon
• Best newTLD domain investor of the year 2021 – Swetha Yenugula
• Best ccTLD domain investor of the year 2021 – Nils Buurman
• Best .com domain investor of the year 2021 – Ehren Schaiberger

Congratulations to these five domain investors on their success. The recognition in front of peers at NamesCon is well deserved.

Yesterday afternoon, the Have I Been Pwned? platform added the Epik data breach to its database. In doing so, it announced that more than 15 million email addresses were contained in the data, along with other information like addresses and phone numbers:

New breach: Epik had 180GB of data breached last week including 15M unique email addresses (both customers and scraped WHOIS), names, phone nums, physical addresses, purchases and passwords in various formats. 52% were already in @haveibeenpwned. More: https://t.co/ZxJDbStPht

— Have I Been Pwned (@haveibeenpwned) September 19, 2021

There has been a lot to unpack with this data breach, and more details have been shared on various platforms including a long thread at NamePros and quite a few Twitter accounts. You can search Twitter for hashtags like #EpikFail, #EpikHack, or simply search for Epik to see updates from a wide variety of people who seem to have access to the data.

A short while ago, Epik sent out the email below with links to relevant organizations:

According to multiple news publications, including Gizmodo, Domain Name Wire, Jerusalem Post, and others, there has reportedly been some sort of security breach / hacking at Epik. There is also a lengthy discussion about the incident at NamePros. In that thread, NamePros CTO (Paul) shared some insight about the allegation and offered some general advice about keeping domain registrar accounts as secure as possible.

I received an email this afternoon signed by Epik CEO Rob Monster regarding “an alleged security incident involving Epik.” Although the incident was not confirmed by Epik in the email, there wasn’t a denial either.

The email is below for those who are interested in reading what was sent: