Hacktivist collective Anonymous alleges to have stolen huge amounts of data from Epik, a company that offers domain name, hosting, and DNS services to a wide range of clients, such as Gab, Parler, 8chan, Texas GOP, and other right-wing websites.
The stolen data has been made available as a torrent. According to the hacktivist collective, the data set, which is over 180GB in size, comprises a “decade’s worth of data from the firm.”
Anonymous claims the data set of Epik, which includes usernames and passwords, is “all that’s needed to trace actual ownership and management of the fascist side of the Internet that has eluded researchers, activists, and, well, just about everybody.”
Epik is a domain registrar and online services company famous for serving right-wing customers, some of whom have been turned down by more mainstream IT companies owing to the clients’ offensive and occasionally illegal content.
After the Texas Heartbeat Act was made law this month, Anonymous’ operations began with “Operation Jane,” which supports individuals to oppose abortion.
The data set includes several SQL databases that contain customer records associated with domain names hosted via Epik. Ars analyzed a subset of the leaked database, which included what appears to be an Epik employee’s mailbox with communication from Rob Monster, the CEO of Epik.
The same data set has been released by Distributed Denial of Secrets (DDoSecrets) through alternative methods. It is meant for individuals who can’t download via torrents.
Meanwhile, Epik’s representative said that they weren’t aware of any leak. They take the security of clients’ data very seriously and are looking into the allegations right now.
Anonymous altered Epic’s knowledge base to mock the company’s denial of these allegations. “On September 13, 2021, a group of kids calling themselves ‘Anonymous’, whom we’ve never heard of, said they manage[d] to get a hold of, well, honestly, all our data, and then released it,” said an archived copy of the altered knowledge base (Epik has since removed the page). “They claim it included all the user data. All of it. All usernames, passwords, e-mails, support queries, breaching all anonymization service[s] we have. Of course it’s not true. We’re not so stupid we’d allow that to happen.”
The leaked data set contains various SQL databases with what appears to be customer records for every domain name hosted by Epik.