Received at 19:20 UTC, approx 2 days after the breach was publicly known:

> At Epik, we take security and the privacy of your information very seriously. Therefore as a precautionary measure, I am writing to inform you of an alleged security incident involving Epik.

> Our internal team, working with external experts, have been working diligently to address the situation. We are taking proactive steps to resolve the issue. We will update you on our progress. In the meantime please let us know if you detect any unusual account activity. I am proud of our team’s efforts as we do our part to empower a thriving internet for the benefit of our customers around the world.

> You are in our prayers today. We are grateful for your support and prayer. When situations arise where individuals might not have honorable intentions, I pray for them. I believe that what the enemy intends for evil, God invariably transforms into good.

> Blessings to you all.

> Regards,

> Rob Monster

> Founder and CEO

> Epik Holdings Inc


> *At Epik, we take security and the privacy of your information very seriously.*

If this were true, how did they end up with an engineering culture that uses unsalted MD5 to hash passwords?

If you search for "securing passwords," hashing is the first topic covered.

At some point we have to accept that 95% of companies *do not* take security seriously and decide what to do next.

Welp. I bought a domain I needed from them a few weeks ago (waiting to transfer it out); didn't have much of a choice. Are the dumps posted already?