This morning on NamePros, a user named astrade shared an email he received from Escrow.com suggesting that a password reset may be necessary due to the “security breach at domain registrar Epik.” The email suggests that the recipient change the password for the account at Escrow.com. Another email shared on NamePros by an Escrow.com customer indicates that Escrow.com automatically reset the user’s password.
I reached out to Jackson Elsegood, General Manager at Escrow.com, and he confirmed that the email was sent by Escrow.com. I also asked Jackson who, in general, received this password reset email.
Here’s what Jackson told me:
“This is a legitimate email that we sent out given the size of the hack and that passwords were involved. Over the past year and a half we’ve been building our security capabilities and one of the necessary initiatives is to proactively manage threats like this.
We contacted users we believed may be impacted by the breach and asked them to update their password in case it was compromised, and added a reminder not to share passwords across services.”
Jackson told me that the analysis the company did is somewhat limited, so it would be a good idea to check a service like HaveIBeenPwned.com to understand if there is some exposure with your email address. Without a doubt, you should use a very different password for each website you use, and you should sign up for two-factor authentication (2FA) if offered.
Every time Epik is mentioned, I get the domain PTSD, and my email address has been pwned by Epik.
What is my legal recourse?
Who is going to pay for my mental and physical pain and suffering?
Generally speaking, you should already be doing this on a regular basis (updating your passwords) to protect your domains. It’s a good reminder that we don’t necessarily need a reminder from Escrow to update passwords.
Why not go to all your domain registrar accounts and change/update passwords?
In general, people (and companies) don’t always take the security precautions they should take – even the most obvious ones.
I received the email and thought it was spam because there was a typo in the body of the message: “out” industry has been put on high alert instead of “our” industry has been put on high alert.
That's how they say it in Chinese English pinyin.
Escrow is based in China, a rental space from the CCP.
Excuse me? They are apparently based in the USA instead of China.
“out” industry has been put on high alert instead of “our” industry has been put on high alert.
Who did they hire to do a press release?
I got an email from Escrow and it looks spammy.
They started in the US, but are now owned by an Australian company (and that’s where the CEO is), and do have some staff in China (or maybe a lot of staff, I don’t know, but some anyway).
Escrow.com should have two factor authentication (2FA) by now. Why they don’t have 2FA is beyond me.
Just to make it clear how badly Escrow.com has acted here:
Escrow.com apparently looked at the leaked data, and only sent emails to those people (not to all Escrow.com customers). But it’s sleazy that they looked at the data.
I have multiple accounts at Escrow.com, and they only sent their email to the one email address that was in the Epik hack.
So they basically looked at the data and cross-referenced it with their customer list… but I don’t like them delving into hacked data like this.
I received the email from Escrow.com. I was not able to open it, for my safety; for days I have received many emails supplanted from other brands and websites to send to spam.
Those who hacked Epik.com have many emails; the Escrow.com email could have been a phishing attack or virus. (Only open the emails that are safe, and I check everything like that before.) I do not trust it; the hack at Epik.com was very strong.
I have all the domains, pay with a credit card and cancel it from my Epik account when checking my payment is done.
And in further “faith-based-security” news, a 2nd tranche of Epik data has been leaked.
This time it’s entire server images.
Watch this guy boot up a copy of a live Epik server and scroll through keys for all the major domain industry API connections…
https://twitter.com/WhiskeyNeon/status/1443308875604799495
Domain Industry lessons:
1. When flat-earth religious fanatics surface, don’t elevate them to Industry Spokesperson status.
2. Karma always bats last.
There endeth today’s lesson.