This morning on NamePros, a user named astrade shared an email he received from Escrow.com suggesting that a password reset may be necessary due to the “security breach at domain registrar Epik.” The email suggests that the recipient change the password for the account at Escrow.com. Another email shared on NamePros by an Escrow.com customer indicates that Escrow.com automatically reset the user’s password.
I reached out to Jackson Elsegood, General Manager at Escrow.com, and he confirmed that the email was sent by Escrow.com. I also asked Jackson who, in general, received this password reset email.
Here’s what Jackson told me:
“This is a legitimate email that we sent out given the size of the hack and that passwords were involved. Over the past year and a half we’ve been building our security capabilities and one of the necessary initiatives is to proactively manage threats like this.
We contacted users we believed may be impacted by the breach and asked them to update their password in case it was compromised, and added a reminder not to share passwords across services.”
Jackson told me the that the analysis the company did is somewhat limited, so it would be a good idea to check a service like HaveIBeenPwned.com to understand if there is some exposure with your email address. Without a doubt, you should use a very different password for each website you use, and you should sign up for 2 factor authentication (2FA) if offered.