You may have already heard about a recently discovered security bug called CloudBleed. Based on what I have read about the bug, users of many websites could potentially be impacted, and people may not even know their accounts could become compromised. I presume there is the potential that this could involve domain industry companies.
Yesterday, I received an email from Epik that I want to share with you. I think it is a good idea for Epik (and other companies) to address this ASAP and make sure their customers are aware of the situation. Kudos to Epik for informing customers of the issue almost immediately. Hopefully other industry companies that may be impacted will follow suit.
Important update – Cloudfare vulnerability
Recently, a serious vulnerability discovered in a service called Cloudfare – a technology widely used by companies worldwide to enhance site performance and increase security. The service is not used directly by Epik, but is used by a 3rd party service called Zendesk, used for live chat support. While we are confident that your account at Epik has been in no way compromised, this note provides background and explains recommended precautions.
The Cloudflare vulnerability, so-called CloudBleed opened the possibility that sensitive data, such as account names and passwords, may have leaked from some sites. The exact extent of any leak, if it occurred, is still unclear. While Epik is not affected as we do not use Cloudfare directly, we do take your account security very seriously. As a precaution, we are resetting all customer account PINs. Should you need your new PIN, you can login at Epik.com and see your new PIN.
If you use the same password also in other places on the web, you will also want to come up with a unique password for your Epik account. When choosing your password, please try using a strong, unique combination. A good password should contain a mix of at least eight letters, numbers and symbols. Besides keeping good passwords, there are several additional measures you can take for securing your account:
1. Enable WHOIS privacy for your domains – we offer it for free
2. Enable 2-Factor SMS authentication
3. Enable IP address restriction
4. Enable free Max-Lock which will block all transfers out requests
Please reach us out anytime at firstname.lastname@example.org if you need assistance with the steps above or have any further questions.