According to multiple news publications, including Gizmodo, Domain Name Wire, Jerusalem Post, and others, there has reportedly been some sort of security breach or hack at Epik. There is also a lengthy discussion about the incident at NamePros. In that thread, NamePros CTO Paul shared some insight about the allegation and offered some general advice about keeping domain registrar accounts as secure as possible.
I received an email this afternoon signed by Epik CEO Rob Monster regarding “an alleged security incident involving Epik.” Although the incident was not confirmed by Epik in the email, there wasn’t a denial either.
The email is below for those who are interested in reading what was sent:
Important update from Epik.com
At Epik, we take security and the privacy of your information very seriously. Therefore as a precautionary measure, I am writing to inform you of an alleged security incident involving Epik.
Our internal team, working with external experts, have been working diligently to address the situation. We are taking proactive steps to resolve the issue. We will update you on our progress. In the meantime please let us know if you detect any unusual account activity. I am proud of our team’s efforts as we do our part to empower a thriving internet for the benefit of our customers around the world.
You are in our prayers today. We are grateful for your support and prayer. When situations arise where individuals might not have honorable intentions, I pray for them. I believe that what the enemy intends for evil, God invariably transforms into good.
Blessings to you all.
Regards,
Rob Monster
Founder and CEO
Epik Holdings Inc
September 19 Update – This incident is no longer considered “alleged.” Late last night, Epik followed up with a more serious email containing an “urgent security notice.” The company “confirmed an unauthorized intrusion” into some of its systems and warned that some sensitive customer data may have been accessed. The full email is below:
Security Notice from Epik
Hello,
We are contacting you to notify you of an urgent security notice. Despite the extensive security practices we use to protect our platforms and customer information, we have confirmed an unauthorized intrusion into some of our domain-related systems.
We have mobilized the full force of multiple cyber security teams to assess the scope of this intrusion. We are taking aggressive action to completely secure and remediate all potentially affected systems, while complying with all applicable laws. As we work to confirm all related details, we are taking an approach toward maximum caution and urging customers to remain alert for any unusual activity they may observe regarding their information used for our services – this may include payment information including credit card numbers, registered names, usernames, emails, and passwords.
At this time, we have not confirmed that your card information has been compromised. As a precautionary measure, you may choose to contact any credit card companies that you used to transact with Epik and notify them of a potential data compromise to discuss your options with them directly. Should you observe any unauthorized activity, please document and report it immediately.
We are notifying you because we consider your privacy and security our single greatest priority. Our mission to provide legendary service to all customers remains unchanged. We appreciate your support as we work through the full resolution of this situation, and we will continue to provide you with ongoing updates as we learn more.
Thank you,
Epik Security Team
I got the email too.
If there is a security breach, it is the main responsibility of the company to inform the customers and provide the customers ID Theft Protection for free.
Potentially, class action lawsuit….etc etc
Wow…..for the last 2 weeks, I have not seen anybody talking about apes, coins or NFT….so what’s the deal? Did anybody buy a $5 million ape and resell it for $7 million?
So is the Booth Brothers going to buy another ape?
Prices crashed, down about 50%.
You sure about that, I kind of remember an ape selling for $3M, along with Christie’s auction with more apes for sale today. Boo hoo snoopy should change his pfp to a bear, one he owns the commercial rights to, not sure why you keep overpaying for parked domains Gomez
Yes, they have dropped from around $220,000 minimum 2 weeks ago to $100,000 today. Mutants have seen much larger falls.
Gee, I can’t imagine why Epik was targeted. Is this the world you want to live in, folks? Allowing companies who support freedom of speech to be viciously hit, taking their customers down with them? Apparently so. But pay no attention. Just flip those NFTs and brag about how many millions you’ve made. Ignore the warning signs of a failing society as you assume this is all temporary “white noise”. Welcome to your wonderfully woke culture. It’s only going to get worse. Enjoy.
Well said Steve. This is no longer about partisanship, this is the future of free speech — and thus, intricately connected to what we do as domain investors and developers. The censorship power grab will inevitably extend to our sector. A rise in UDRP cases is just the tip of the iceberg.
Whether you agree with Epik’s mission statement or not, if they are allowed to fail through repeated criminal targeting, it sends a message to every registrar that they must bend the knee to whatever movement goes after them. Fall in line with the monolith, or be crushed. And that is especially concerning when new reporting suggests that a lot of this is foreign interference.
We’re watching the rise of Big Brother in real-time, and like it or not, domainers & registrars are one of the few bulwarks left to protect free expression.
I have not received too many corporate emails mentioning God.
I do not believe the last paragraph is necessary. And I love me some Jesus and God. They are #1 in my life.
Thanks to that breach my phone is getting spammed to death.
I hope they get this resolved.
Not religious, but believe what goes around comes around.
This email sounds like “let’s rally the troops for war”
The overt religiosity of this CEO/company has become creepy AF. Reminds me of when I moved all of my domains away from GoDaddy because of Bob Parsons the elephant hunting CEO and their sexist ad campaigns. Too much cringe. I replied and requested that my account be deleted.
Rob Monster’s statement on DNForum.
https://dnforum.com/threads/was-there-a-hack-data-breach-at-epik.599875/page-3#post-2345896
Andrew Allemann censored me at his thread about this at Domain Name Wire. Ironically, the comment he censored mentioned how stupid are those who support censorship and cancel culture. Here is my current reply about him having done that, since that might get censored too:
“John says
September 15, 2021 at 11:38 pm
I can’t believe you censored my reply to MapleDots, Andrew. Why on earth would you do that? Appalling.”
Link to that: https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/#comment-2266300.
Here is the original comment he censored to begin with. Judge for yourselves whether this comment merited anything like that, ESPECIALLY in light of all the other comments he has *not* censored there. It was originally right under MapleDots.ca’s big comment beginning with “I left this tweet”:
“John says
September 15, 2021 at 10:24 am
These are insanely evil times. People rejoice and celebrate over others they disagree with getting sick and dying from covid. Espouse denying healthcare to anyone who doesn’t take a dangerous experimental gene-hacking injection falsely called a “vaccine” for PR purposes, and contrary to all known proper medical and scientific principles about vaccination – even according to the inventor of mRNA technology itself and other distinguished doctors and scientists, including vaccinologists and those who are pro-vaccine no less. Rejoice over censorship and cancel culture, until it comes back to bite them in some cases as is virtually inevitable.
It is impossible to even adequately express how stupid those who support censorship and cancel culture are. Stupid is not about lacking intelligence. You can be one of the most intelligent people in the world and still be dumber than a rock. Stupid is about culpable foolishness, no matter how intelligent you are. In fact, the irony is that the more intelligent you are, the more culpably stupid you are when you engage in such things.”
Probably removed because the post is rambling nonsense that has nothing to do with the thread John.
You’re really going to play that weak card? You are not even dumb, just a lying troll, Snoopy, since it had everything to do with the thread.
https://www.merriam-webster.com/dictionary/pretext
Nailed it!
Update: Andrew may have put me on approval-only status there after my last reply. I have two replies “awaiting moderation” now. They are these:
1. Reply to Jonathan for his comment at https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/#comment-2266319:
“John says
September 16, 2021 at 9:56 pm
Your comment is awaiting moderation.
Jonathan, Andrew’s reply is a pretext. Unfortunately, however, he is no doubt lying to himself to justify and put the right spin on what he did in deleting my comment, and doubtless even believes it himself and is not even fully aware that he is lying to himself. That’s what people do. That is the human condition for this age. Are you very familiar with the Bible? This is a famous quote from it, and one we would all do well to be familiar with as it applies to all of us: “The heart is more deceitful than all else And is desperately sick; Who can understand it?” (Jeremiah 17:9) After all, what is he going to do, admit that he engaged in censorship and is anti-free speech? This is also not the first time Andrew has demonstrated a lamentable disposition when it comes to censorship and free speech in society in general. I have a direct reply to him below “awaiting moderation,” so perhaps he even put me on approval-only status.”
2. Reply to Andrew for his comment at https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/#comment-2266306:
“John says
September 16, 2021 at 9:45 pm
Your comment is awaiting moderation.
It was 100% germane to the topic, Andrew. You are practicing self-deceit to justify your action. That’s what people do. And it was even 100% illustrative of the reason why this entire matter relating to Epik has even taken place, as is what you did here no less.
You would have had no problem if someone had germanely included mention of what is going on in society regarding the topic of the supposed vaccines, medicine and science if it had been in agreement with what a person like you is sadly all but 100% predictable to view as correct and acceptable “information,” i.e. the official mainstream narrative. Almost 100% predictably, you just didn’t like someone germanely including mention of it in a way you didn’t like because of your mentality. Read the copy of my comment you removed posted elsewhere if you don’t still have it. You are among those who are *more* culpable about an action and attitude like this rather than less. As in, you should seriously know better, though sadly you are far from alone, which is the problem.”
Please stop.
Epik security brought to you by thoughts and prayers.
Too funny.
The fact that you’re laughing about a company being targeted for their public positions of their religion and their willingness to defend free speech, highlights everything that is terrible about this planet. No Empathy. No Discernment. Just a false sense of security and the arrogant assumption that you’re somehow on the right side of history.
They defend terrorists and provide a safe basement/cave for them to convert more people using disinformation, all the while hiding behind religion and “free speech”. “Free speech isn’t free, it comes with responsibilities.”
The same people are responsible for the utter fail in the USA to stamp out Covid.
Much like the allied forces in WWII, I KNOW I’m on the right side of history.
They defend patriots, not terrorists.
I’m putting an even bigger question mark next to you than I had previously.
Please put that question mark next to yourself.
This is what happens when you mix religion/politics/race and business.
Update #2 – this is just food for thought because of something particularly noticeable in the supposed “Anonymous” diatribe included with this hack. This is a comment I have “awaiting moderation” over at Domain Name Wire in Andrew’s second and latest thread about it there:
https://domainnamewire.com/2021/09/16/epik-hack-what-we-know-what-you-should-do
“John says
September 16, 2021 at 11:43 pm
Your comment is awaiting moderation.
Speaking of saying “I question” as Andrew did above, I question this from the supposed “Anonymous” diatribe:
“Time to find out who in your family secretly ran an Ivermectin horse porn fetish site”
It’s too bad Andrew removed my comment in his first thread about this where I went into important realities about what it really means to be “stupid” even when one is “intelligent.”
If this “Anonymous” group really exists, or more importantly really still exists, I think it’s safe to say it requires a remarkable bit of “intelligence” to do what they do, yes? I spent part of my life in IT myself, so that’s a yes.
Normally we think of “stupid” as unintelligent, but my removed comment referred to above takes a different approach. In this case, however, I will use the term “stupid” in the more normal sense, but I will still include the element of culpability along with “stupid,” as in no excuse.
Ergo, this is what I question:
How is it humanly possible for people associated with “Anonymous,” who are otherwise almost necessarily so “intelligent,” to be so horrifically and culpably stupid as to perpetuate and persist in the patently and demonstrably false and lying mainstream media spin about Ivermectin and horses with a quip like that?
From where I’m sitting, it looks more like whoever wrote that actually messed up with that for this little “operation.”
Is it humanly possible for people so otherwise intelligent and mentally talented to be so utterly stupid?
More importantly, is it humanly possible for that kind of stupidity to even be believable, credible, genuine?
I would suggest for the more thoughtful and experienced reader’s contemplation that such stupidity is straining in a big way when it comes to being credible and believable as being genuine stupidity and ignorance.
Which should lead you to wonder about who and what the real *source* of any such hack has really been after all. I will by no means merely accept at face value that it has been this “Anonymous” group. Or pesky “foreign agents.” But there is another possible option that would not surprise me at all, not even one bit.
And let’s see if Andrew even allows this comment to appear since it seems he may have put me on “approval only” after the last thread.”
https://techcrunch.com/2021/09/17/epik-website-bug-hacked/
https://www.dailydot.com/debug/epik-ceos-live-video-response-hacking-inciden/
https://www.dailydot.com/debug/epik-hack-far-right-sites-anonymous/
Queue up a Lou Reed song to sing along to as you read it.
Interesting stuff here showing possible collusion of Rob “just an honest christian free speech advocate” Monster with white supremacists?
https://twitter.com/NatSecGeek
I’m off to the shop for popcorn.
There is not a single word in the letter that suggests white supremacy. Please desist from making unfounded, false inferences.