Epik Domain Registrar Data Leaked for the Second Time
- By Dawna M. Roberts
- Published: Oct 08, 2021
- Last Updated: Mar 18, 2022
A hacker collective known as Anonymous leaked data from the earlier Epik domain registrar breach for the second time this month. The data leak contains 300GB of what they call “The/b/Sides” and is larger than the initial leak.
What Happened?
Texas journalist Steven Monacelli first reported the data leak on Twitter. According to Data Breach Today, “The hacktivists, in a press release posted on a website unsuitable for general public viewing, say:
‘You didn’t think we completely dominated Epik and merely ran off with some databases and a system folder or two, did you? We are Anonymous. Flexing as hard as we can is how we do a barrel roll (Press Z or R twice!).’”
Dot Daily, the news agency that first reported the story, said the hacktivists attached “several bootable disk images of assorted systems” in a 70GB torrent file along with their announcement.
Two third-party research firms, WhiskeyNeon and INIT_3, have analyzed the contents of the leak to verify the accuracy of the claim.
The public notice also exposes 59+ API keys and dozens of login credentials for Epik’s infrastructure and its Twitter, Coinbase, and PayPal accounts.
When approached for comment, Epik declined.
The Initial Data Leak and Breach
In mid-September, Epik was the victim of a data breach exposing 15 million customers’ email addresses along with names, phone numbers, physical addresses, purchases, and passwords. Unfortunately, the breach was not a small one. Epik provides domain registrar services along with hosting and other digital products and services.
On September 13, Monacelli first announced the initial data leak from Anonymous, released as part of the group’s “#OperationJane” or “Operation Epik Fail” efforts.
Data Breach Today adds,
“According to free breach notification service Have I Been Pwned, which received a set of the exposed data, the leak compromised over 180 GB of data, including 15 million email addresses and corresponding personal details of not just Epik’s own customers and systems, but also details of millions of other individuals and organizations who had their information scraped via “Whois” queries from domain name registrars.”
How Did Epik Respond?
Epik initially said it was unaware of the data breach until Rob Monster, the company’s CEO, hosted a four-hour Q&A session on September 16 to answer questions about it. He explained that the data had probably come from a backup that threat actors had “intercepted.”
Epik notified the state of Maine that 110,000 customers were affected by the data breach. “Financial account and credit card data of these individuals, in combination with the security code, access code, password or PIN, transaction history, and domain ownership associated with their account, had also been exposed, it showed.”
Interestingly, security researcher Corben Leo had notified Epik back in January about a security vulnerability, but the company chose not to act. When asked about it, Monster said he thought the email was spam, so he ignored it.
Epik sent its customers a breach notification. The company divulged that they are working with multiple threat research vendors to investigate the issue and remediate the threat to prevent further intrusions. Epik is also offering customers two years of credit monitoring services and maintaining communication with “relevant authorities and other stakeholders.”
In support of this, Epik stated,
“At this time, we have secured access to our domain-side services and applied additional security measures to help protect services and users going forward.”
Customers can visit Troy Hunt’s Have I Been Pwned website to check whether their email address and corresponding information are part of this data breach.