Epik Web Host Hacked After Security Flaw Warning

Data Breach at Epik: Anonymous Hacktivists Claim Responsibility
Individuals identifying with the Anonymous hacktivist collective have announced the release of a substantial amount of data obtained from Epik, a web hosting and domain registration service.
Epik is known for providing services to controversial platforms, including Gab, Parler, and 8chan, after these sites were deplatformed by larger providers.
Details of the Data Leak
The group asserts that the leaked data totals 180 gigabytes, representing a “decade’s worth” of company information.
This compromised data allegedly includes details sufficient to identify the true ownership and management structure of Epik.
Specifically, the hackers claim to have acquired customer payment records, domain registration and transfer histories, as well as passwords, login credentials, and employee email communications.
Files originating from the company’s internal web servers and customer databases for domains registered through Epik are also reportedly part of the stolen cache.
Timeline of the Breach
The timing of the data breach remains unclear, with the hackers not disclosing when it occurred.
However, file timestamps suggest the incident likely took place in late February.
Initially, Epik stated they were unaware of any security breach.
Subsequently, founder and CEO Robert Monster sent an email to users on Wednesday acknowledging an “alleged security incident.”
Prior Security Warning
TechCrunch reports that Epik was alerted to a significant security vulnerability weeks before the breach occurred.
Security researcher Corben Leo contacted Robert Monster via LinkedIn in January regarding a security flaw on Epik’s website.
Leo inquired about a bug bounty program or a method for reporting the vulnerability.
While Monster reportedly viewed the message, he did not respond.
The Vulnerability Explained
Leo explained that a library used on Epik’s WHOIS page, responsible for generating PDF reports of domain records, contained a decade-old vulnerability.
This flaw allowed unauthorized individuals to execute code directly on the internal server without authentication.
“You could just paste this [line of code] in there and execute any command on their servers,” Leo stated to TechCrunch.
Leo demonstrated the vulnerability by successfully requesting the server to display its username from the public-facing WHOIS page.
He refrained from further testing to avoid potentially illegal activity.
Connection to the Anonymous Hack
It is currently unknown whether the Anonymous hacktivists exploited the same vulnerability identified by Leo.
The stolen data includes folders related to Epik’s WHOIS system, but the hackers have not provided contact information for further inquiry.
Leo believes that exploiting the vulnerability, particularly if the server had access to other systems, could have facilitated access to the data stolen in February.
“I am really guessing that’s how they got owned,” Leo told TechCrunch, confirming the flaw has since been addressed.
Epik’s Response
Robert Monster acknowledged receiving Leo’s LinkedIn message but declined to answer questions about the breach or the vulnerability’s patch status.
He dismissed the message as potentially unsolicited, stating, “We get bounty hunters pitching their services.”
Monster questioned, “Do you answer all your LinkedIn spams?”