The Epik data breach occurred in September and October 2021, targeting the American domain registrar and web hosting company Epik. The breach exposed a wide range of information including personal information of customers, domain history and purchase records, credit card information, internal company emails, and records from the company's WHOIS privacy service.[1][2] More than 15 million unique email addresses were exposed, belonging to customers and to non-customers whose information had been scraped.[3] The attackers responsible for the breach identified themselves as members of the hacktivist collective Anonymous.[1] The attackers released an initial 180 gigabyte dataset on September 13, 2021, though the data appeared to have been exfiltrated in late February of the same year.[4] A second release, this time containing bootable disk images, was made on September 29.[5] A third release on October 4 reportedly contained more bootable disk images and documents belonging to the Texas Republican Party, a customer of Epik's.[6]
Epik is known for providing services to websites that host far-right, neo-Nazi, and other extremist content.[7][8] Past and present Epik customers include Gab, Parler, 8chan, the Oath Keepers, and the Proud Boys.[1][9] The hack was described as "a Rosetta Stone to the far-right" because it has allowed researchers and journalists to discover links between far-right websites, groups, and individuals.[1] Distributed Denial of Secrets (DDoSecrets) co-founder Emma Best said researchers had been describing the breach as "the Panama Papers of hate groups".[1]
Epik was subsequently criticized for lax data security practices, in particular failing to properly encrypt sensitive customer data.[1]
WaPohugehack
was invoked but never defined (see the help page).:3
was invoked but never defined (see the help page).:10
was invoked but never defined (see the help page).:2
was invoked but never defined (see the help page).:8
was invoked but never defined (see the help page).