The infamous domain registrar Epik has officially confirmed the news Hackread.com broke earlier this month that its systems were hacked by a group affiliated with the Anonymous hacktivist collective.
On September 15th, Hackread.com published a detailed story revealing that the online hacktivist group Anonymous had stolen “a decade’s worth of data” from Epik, a firm known for providing hosting to right-wing platforms like Texas GOP, Gab, Parler, 8chan, and the Texas Right to Life’s abortion whistleblower website.
It is worth noting that Texas GOP was also hacked in a separate attack by Anonymous just days before Epik’s hack.
Official Statement from Epik
The company, touted as the Swiss Bank of Domains, took to Twitter to confirm the data hack. The tweet read:
“On September 15, we confirmed that certain customer-account information for our domain-related systems was accessed and downloaded by unauthorized third parties.”
The firm sent data breach notifications to its customers, urging them to stay alert for any rogue activity involving information they had used to access Epik’s services. This may include registered names, credit card numbers, usernames, passwords, and email IDs.
110,000 Individuals Affected by the hack
In a data breach notice filed with the Maine attorney general’s office, Epik has acknowledged that 110,000 individuals have been impacted by the breach.
However, it is suspected that non-customers may also be affected by the breach, since Troy Hunt of HaveIBeenPwned said that his data was part of the data dump although he had never transacted with Epik, indicating that the company was engaged in data scraping.
Press Release from Anonymous
According to Anonymous’ press release, which was originally shared by journalist Steven Monacelli earlier this month, the data breach was an act of retaliation for the company’s preference for hosting questionable right-wing websites.
The group revealed that this dataset is all they need to trace the management and ownership of the “fascist side of the internet.”
“Time to find out who in your family secretly ran an Ivermectin horse porn fetish site, disinfo publishing outfit, or yet another QAnon hellhole,” the attackers said, adding that the breached data was barely salted and available in plain text format.
“Yep, these Russian developers they hired are actually just that bad,” they said.
The hackers were able to obtain account credentials for Epik clients and internal systems, along with over 500,000 private keys, Git repositories, and employee emails, the press release said.
Hackread.com has independently verified the data. According to Ars Technica’s report, one of the folders in the data also contains 16 GB of personal records of users.
“We noticed WHOIS records for some domains were dated and contained incorrect information about domain owners – people who no longer own these assets… with emails, IP addresses, domains, physical addresses and phone numbers of the users,” Ars Technica reported.