Epik, the controversial web registrar that frequently comes under fire for hosting far-right groups and individuals, has had an immense amount of its data spilled onto the internet in recent days. The deluge, which reportedly consists of some 180 gigabytes of user registration and domain information, payment history, account credentials and more, appears to have been stolen during a hacking incident involving members of the hacktivist collective Anonymous.
Now, a new report from TechCrunch seems to show that the company was warned about a potentially large security flaw in its platform several weeks prior to the hack.
Security researcher Corben Leo says that he reached out to Epik’s CEO, Rob Monster, in January to ask whether Epik had a bug bounty program or another way to report the vulnerability. Monster apparently never replied. The hacking incident appears to have occurred roughly a month later, according to outlets that have viewed the data. TechCrunch reports:
Leo told TechCrunch that a library used on Epik’s WHOIS page for generating PDF reports of public domain records had a decade-old vulnerability that allowed anyone to remotely run code directly on the internal server without any authentication, such as a company password.
“You could just paste this [line of code] in there and execute any command on their servers,” Leo told TechCrunch.
It is unconfirmed if this vulnerability was used to hack the company.
Epik has been slow to respond to the claims about a leak. When Gizmodo initially reached out to the company on Tuesday, a spokesperson told us that the company was “not aware of any breach.” However, a day or so later, screenshots of an email from Monster to users began circulating on social media. The email partially read:
…as a precautionary measure, I am writing to inform you of an alleged security incident involving Epik.
Our internal team, working with external experts, have been working diligently to address the situation. We are taking proactive steps to resolve the issue. We will update you on our progress. In the meantime please let us know if you detect any unusual account activity.