Epik's Server Data Exposed Following New Data Leak

Anonymous has made public what it claims to be previously unreleased information about Epik, a controversial web hosting company.

Epik's Server Data Exposed Following New Data Leak
Epik's Server Data Exposed Following New Data Leak | Image credits: TechRadar

As early as last month, the hacker collective Anonymous claimed responsibility for accessing Epik, the domain registrar notorious for hosting far-right websites including TheDonald Gab, and Parler. More than 15 million people were impacted by the breach, according to Daily Dot.

The data leak included a 70GB torrent file shared by the hacktivist collective that has many bootable disk images for various systems on it and exposed personal information such as passwords, credit card numbers, addresses, email addresses, and names.

The press release reads "[Y]ou didn't think we completely dominated Epik and merely ran off with some databases and a system folder or two, did you?" [...] "We are Anonymous. Flexing as hard as we can is how we do a barrel roll (Press Z or R twice!)."

When asked about the file structure of the breach, Texas-based hacker and cybersecurity specialist WhiskeyNeon explained to the Daily Dot how the disk pictures reflected the entirety of Epik's server network. He went on to say that the leak is unique in that it contains a virtual machine disk that boots up the complete server, as opposed to prior data breaches that contained mostly configuration files, documents, and database dumps.

In addition to Epik's system, the data also includes API keys and unencrypted login credentials for CoinBase, PayPal, and the company's Twitter account (all in plaintext).

Epik initially denied the data leak

While Epik first denied any breach had occurred following the initial disclosure, the company eventually admitted that it was investigating an alleged security incident.

Following an initial four-hour online video conference with Epik CEO Rob Monster, who declined to comment when contacted by The Daily Dot, the company would go on to address the first hack. During the conference, Monster would repeatedly break into prayer, make valiant attempts to exorcise demons, and warn the audience that the curses placed on the hacked data could cause their hard drives to catch fire.

During the call, Monster said that an unknown person had made an attempt to steal $100,000 using his Coinbase API key.

After the Capitol brawl on January 6, the leak would reveal anything from right-wing domains targeted with subpoenas to conservative Ali Alexander's attempts to conceal his ties to election fraud conspiracy websites.

Data from the Oath Keepers militia, an organization that began using Epik's services in January, was allegedly hacked just days before the second Epik leak occurred. Members and donors of the paramilitary group, including those who work for the U.S. government and military, would have access to emails, internal discussions, and other material belonging to the group.