Epik data leak impacts 15 million users
Online service provider Epik has confirmed its data breach and consequent leak of over 180 GB of personal user information.
The breach of the alt-right domain registrar and web service provider’s databases happened last week by an infamous hacktivist collective that call themselves Anonymous. Initially, Epik denied any kind of breach, in response to which the group altered the company’s knowledge base as proof of hack, forcing Epik’s hand to recognize the breach:
— Epik.com (@EpikDotCom) September 18, 2021
The 180 GB leak contains 15,003,961 email addresses that belong to both Epik’s customers and users that have nothing to do with the service provider. This happened because Epik scraped the whole WHOIS record of domains (which is public data), and stored the records including those that have never conducted business with the company.
Apart from email addresses, the leaked WHOIS SQL database contained IPs, domains, physical addresses, and phone numbers of the users. Even though some of that information appears to be dated, the HaveIBeenPwned breach monitoring service has been sending out millions of warning emails to those affected by the breach. And the Twitter poll conducted by the service’s founder Troy Hunt indicates that most of the users are interested in finding out whether they were affected by the breach.
Processing the Epik breach and there's *lots* of email addresses taken from other places, for example stored copies of WHOIS records. If your address is in there – even if you didn't subscribe to the service – do you want @haveibeenpwned to notify you that they have your address?
— Troy Hunt (@troyhunt) September 17, 2021
After confirming the breach, Epik is currently sending out warning emails to affected parties. The company is not yet sure whether any credit card or payment information has been leaked, and says to be conducting a thorough investigation, urging affected users to reach out if they detect any kind of unusual activity with their account, credit cards, domains, etc.:
“As we work to confirm all related details, we are taking an approach toward maximum caution and urging customers to remain alert for any unusual activity they may observe regarding their information used for our services – this may include payment information including credit card numbers, registered names, usernames, emails, and passwords”
Epik is best known for providing web services to right-wing clients, some of which have even been turned down by other providers and tend to host illicit content.