2021 Epik data breach

Rob Monster, then-CEO of Epik, in 2017.

The Epik data breach occurred in September and October 2021, targeting the American domain registrar and web hosting company Epik. The breach exposed a wide range of information including personal information of customers, domain history and purchase records, credit card information, internal company emails, and records from the company's WHOIS privacy service.[1][2] More than 15 million unique email addresses were exposed, belonging to customers and to non-customers whose information had been scraped.[3] The attackers responsible for the breach identified themselves as members of the hacktivist collective Anonymous.[1] The attackers released an initial 180 gigabyte dataset on September 13, 2021, though the data appeared to have been exfiltrated in late February of the same year.[4] A second release, this time containing bootable disk images, was made on September 29.[5] A third release on October 4 reportedly contained more bootable disk images and documents belonging to the Texas Republican Party, a customer of Epik's.[6]

Epik is known for providing services to websites that host far-right, neo-Nazi, and other extremist content.[7][8] Past and present Epik customers include Gab, Parler, 8chan, the Oath Keepers, and the Proud Boys.[1][9] The hack was described as "a Rosetta Stone to the far-right" because it has allowed researchers and journalists to discover links between far-right websites, groups, and individuals.[1] Distributed Denial of Secrets (DDoSecrets) co-founder Emma Best said researchers had been describing the breach as "the Panama Papers of hate groups".[1]

Epik was subsequently criticized for lax data security practices, in particular failing to properly encrypt sensitive customer data.[1]

  1. ^ a b c d e f Cite error: The named reference WaPohugehack was invoked but never defined (see the help page).
  2. ^ Cite error: The named reference :3 was invoked but never defined (see the help page).
  3. ^ Cite error: The named reference :10 was invoked but never defined (see the help page).
  4. ^ Whittaker, Zack (September 17, 2021). "Web host Epik was warned of a critical security flaw weeks before it was hacked". TechCrunch. Retrieved September 17, 2021.
  5. ^ Cite error: The named reference :2 was invoked but never defined (see the help page).
  6. ^ Thalen, Mikael (October 4, 2021). "Anonymous releases data on Texas GOP in latest Epik hack dump". The Daily Dot. Archived from the original on 2021-10-04. Retrieved October 4, 2021.
  7. ^ Cite error: The named reference :8 was invoked but never defined (see the help page).
  8. ^ Allyn, Bobby (February 8, 2021). "'Lex Luthor Of The Internet': Meet The Man Keeping Far-Right Websites Alive". NPR. Archived from the original on February 9, 2021. Retrieved February 9, 2021.
  9. ^ Sharwood, Simon (September 30, 2021). "Anonymous: We've leaked disk images stolen from far-right-friendly web host Epik". The Register. Retrieved October 1, 2021.

2021 Epik data breach

Dodaje.pl - Ogłoszenia lokalne