Sends Epik Security Breach Password Reset Email

This morning on NamePros, a user named astrade shared an email he received from suggesting that a password reset may be necessary due to the “security breach at domain registrar Epik.” The email suggests that the recipient change the password for the account at Another email shared on NamePros by an customer indicates that automatically reset the user’s password.

I reached out to Jackson Elsegood, General Manager at, and he confirmed that the email was sent by I also asked Jackson who, in general, received this password reset email.

Here’s what Jackson told me:

“This is a legitimate email that we sent out given the size of the hack and that passwords were involved. Over the past year and a half we’ve been building our security capabilities and one of the necessary initiatives is to proactively manage threats like this.

We contacted users we believed may be impacted by the breach and asked them to update their password in case it was compromised, and added a reminder not to share passwords across services.”

Jackson told me the that the analysis the company did is somewhat limited, so it would be a good idea to check a service like to understand if there is some exposure with your email address. Without a doubt, you should use a very different password for each website you use, and you should sign up for 2 factor authentication (2FA) if offered.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn


  1. Everytime Epik is been mentioned,I get the domain PTSD and my email address has been pawned by Epik
    What my legal recourse?
    Who going to pay for my mental and physical pain and suffering?

  2. Generally speaking, you should already be doing this on a regular basis (updating your passwords) to protect your domains. It’s a good reminder that we don’t necessarily need a reminder from Escrow to update passwords.

    Why not go to all your domain registrar accounts and change/update passwords?

  3. I received the email and thought it was spam because there was a typo in the body of the message: “out” industry has been put on high alert instead of “our” industry has been put on high alert.

  4. Just to make it clear how badly has acted here: apparently looked at the leaked data, and only sent emails to those people (not to all customers). But it’s sleazy that they looked at the data.

    I have multiple accounts at, and they only sent their email to the one email address that was in the Epik hack.

    So they basically looked at the data and cross-referenced it with their customer list… but I don’t like them delving into hacked data like this.

  5. I received the Email I was not able to open it for my safety, for days I have received many emails subplanted from other brands and websites to send to Spam.

    Many emails have those who hack the email could have been a pershing attack viruses (Only open the emails that are safe and I check everything like that before) I do not trust the hack in was very strong

    I have all the domains, pay with a credit card and cancel it from my Epik account when checking my payment is done.

  6. and in further “faith-based-security” news, a 2nd tranch of Epik data has been leaked.

    This time it’s entire server images.

    Watch this guy boot up a copy of a live Epik server and scroll through keys for all the major domain industry API connections…

    Domain Industry lessons:

    1. When flat-earth religious fanatics surface, don’t elevate them to Industry Spokesperson status.

    2. Karma always bats last.

    There endeth today’s lesson.

Leave a Reply

Recent Posts

Questions Related to Uni —> Afternic Parking Migration

If you are a Uniregistry customer, you most likely received an email explaining the upcoming migration of the Uniregistry Market and parking platform to...

Some Uni-Registered New gTLDs Will be Transferred to 1API

I received an email from Uni (formerly Uniregistry) that I initially thought was a Whois verification email and almost ignored. It was, in fact,...

Advice and Resources for a Newbie Domain Investor

Someone reached out to me on Twitter seeking advice for selling domain names. In a short tweet thread, I shared a few thoughts and... Now Forwarding to ChatGPT Website

Early this morning, Andy Booth tweeted about, asking if the domain name was acquired by ChatGPT. Andy presumably asked because the domain...

Markmonitor Highlights Job Openings

Last week, GoDaddy layoffs impacted 8% of its workforce around the world. I am sure there are quite a few experienced people seeking new...