According to multiple news publications, including Gizmodo, Domain Name Wire, Jerusalem Post, and others, there has reportedly been some sort of security breach / hacking at Epik. There is also a lengthy discussion about the incident at NamePros. In that thread, NamePros CTO (Paul) shared some insight about the allegation and offered some general advice about keeping domain registrar accounts as secure as possible.
I received an email this afternoon signed by Epik CEO Rob Monster regarding “an alleged security incident involving Epik.” Although the incident was not confirmed by Epik in the email, there wasn’t a denial either.
The email is below for those who are interested in reading what was sent:
Important update from Epik.com
At Epik, we take security and the privacy of your information very seriously. Therefore as a precautionary measure, I am writing to inform you of an alleged security incident involving Epik.
Our internal team, working with external experts, have been working diligently to address the situation. We are taking proactive steps to resolve the issue. We will update you on our progress. In the meantime please let us know if you detect any unusual account activity. I am proud of our team’s efforts as we do our part to empower a thriving internet for the benefit of our customers around the world.
You are in our prayers today. We are grateful for your support and prayer. When situations arise where individuals might not have honorable intentions, I pray for them. I believe that what the enemy intends for evil, God invariably transforms into good.
Blessings to you all.
Founder and CEO
Epik Holdings Inc
September 19 Update – This incident is no longer considered “alleged.” Late last night, Epik followed up with a more serious email containing an “urgent security notice.” The company “confirmed an unauthorized intrusion” into some of its systems and warned that some sensitive customer data may have been accessed. The full email is below:
Security Notice from Epik
We are contacting you to notify you of an urgent security notice. Despite the extensive security practices we use to protect our platforms and customer information, we have confirmed an unauthorized intrusion into some of our domain-related systems.
We have mobilized the full force of multiple cyber security teams to assess the scope of this intrusion. We are taking aggressive action to completely secure and remediate all potentially affected systems, while complying with all applicable laws. As we work to confirm all related details, we are taking an approach toward maximum caution and urging customers to remain alert for any unusual activity they may observe regarding their information used for our services – this may include payment information including credit card numbers, registered names, usernames, emails, and passwords.
At this time, we have not confirmed that your card information has been compromised. As a precautionary measure, you may choose to contact any credit card companies that you used to transact with Epik and notify them of a potential data compromise to discuss your options with them directly. Should you observe any unauthorized activity, please document and report it immediately.
We are notifying you because we consider your privacy and security our single greatest priority. Our mission to provide legendary service to all customers remains unchanged. We appreciate your support as we work through the full resolution of this situation, and we will continue to provide you with ongoing updates as we learn more.
Epik Security Team