Firefox has just alerted me to evidence that my e-mail address was among many breached by a hit on a firm called Epik. I’ve never heard of Epik. The “Have I Been Pwned” site explains that the hit included unrelated data scraped from WHOIS, and that my telephone number, purchase history etc. have been collected. This is all very concerning, and Firefox offers advice on what to do next. However, I can’t find anything that tells me how to determine which of my many online accounts has been breached. I already use LastPass and unique passwords for everything, so I assume that other account details are safe. But how do I identify the breached one so I can change the details?
There’s a great deal of information about Epik and the data breach at Epik (company) - Wikipedia that is well worth the read.
If you never owned a domain name and are not a far-right activist, then I suspect it has nothing to with any account you may have and the breach was related to information they somehow obtained from scraping the Internet to gather information about you for some unknown reason, perhaps to see if you could be a future customer.
I have registered a few domain names, none of them through Epik (which, as I said, I have never heard of before), and my political views are very ordinary.
The fact that, as the Wikipedia article explains, Anonymous hacked the data, and the fact that my data can have been acquired only through the scraping of WHOIS, as explained by Pwned, suggest that I am safe from any thieves.
However, this still leaves obscure the steps I might take to find out which of my accounts has been exposed. Any clues?
If you have control of the DNS for your domains so you can add a record, or if email to postmaster@domain gets to you, you can register your domains with haveibeenpwned and get email with user names found in a breach:
Check to see if the companies you registered with are still independent and have not been bought out by Epik. Lots of consolidation going on with the entire Internet these days.