Tag: Epik | SpinSafe

‘Anonymous’ reportedly leaks more stolen Epik data • The Register

September 30, 2021/in Mobile Security

Entities using the name and iconography of Anonymous (EUTNAIOA) claim to have leaked server disk images extracted from Epik – the controversial US outfit that has provided services to far-right orgs such as the Oath Keepers and Gab, provided a home to social-network-for-internet-outcasts Parler, and hosted hate-hole 8chan.

Epik made a virtue of providing such services. In a blog post defending its decision to operate Gab’s domain name after GoDaddy declined to do so, Epik CEO Rob Monster argued it was a free speech issue, and said deplatforming companies is both censorship and a violation of inalienable rights.

EUTNAIOA earlier leaked 180GB of data it said it siphoned from Epik servers, plenty of it detailing the activities of far-right groups such as The Proud Boys and the ridiculous QAnon mob. This included personally identifiable information, domain ownership records, account credentials and SSH keys, internal Git repos, payment histories, and more.

The hacktivist collective justified the release of stolen data on the grounds it exposed racists, and dubbed the operation: Epik Fail.

That document dump was shared around the internet and was widely assessed as authentic. At least one Epik customer identified in the leaked files – a Florida estate agent – was fired as a result of the leak; it emerged he had tried to register domains such as theholocaustisfake.com via the web biz.

This latest super-dump of stolen Epik data was first reported by the Daily Dot on Wednesday after EUTNAIOA shared the information as a torrent.

One of the publication’s reporters tweeted a partial screen shot of the collective’s announcement of the leak, and detailed some of its contents:

BREAKING: The hacking collective Anonymous has announced another data leak from the web hosting company Epik.

Data includes full disk images of Epik’s server infrastructure & exposes at least 59 API keys for Twitter, Coinbase, PayPal, &…

Source…

Epik Confirms Hack, Gigabytes of Data on Offer

September 21, 2021/in Computer Security

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Source…

Epik Was Warned About a Large Security Flaw Before Its Data Leaked

September 18, 2021/in Internet Security

Epik, the controversial web registrar that frequently comes under fire for hosting far-right groups and individuals, has had an immense amount of its data spilled onto the internet in recent days. The deluge, which reportedly consists of some 180 gigabytes of user registration and domain information, payment history, account credentials and more, appears to have been stolen during a hacking incident involving members of the hacktivist collective Anonymous.

Now, a new report from TechCrunch seems to show that the company was warned about a potentially large security flaw in its platform several weeks prior to the hack.

Security researcher Corben Leo says that he reached out to Epik’s CEO, Rob Monster, in January, to ask if Epik had a bug bounty program or another way to report the vulnerability. Monster apparently never replied. The hacking incident appears to have occurred roughly a month later, according to outlets who have viewed the data. TechCrunch reports:

Leo told TechCrunch that a library used on Epik’s WHOIS page for generating PDF reports of public domain records had a decade-old vulnerability that allowed anyone to remotely run code directly on the internal server without any authentication, such as a company password.

“You could just paste this [line of code] in there and execute any command on their servers,” Leo told TechCrunch.

It is unconfirmed if this vulnerability was used to hack the company.

Epik has been slow to respond to the claims about a leak. When Gizmodo initially reached out to the company on Tuesday, a spokesperson told us that the company was “not aware of any breach.” However, a day or so later, screenshots of an email from Monster to users began circulating on social media. The email partially read:

…as a precautionary measure, I am writing to inform you of an alleged security incident involving Epik.

Our internal team, working with external experts, have been working diligently to address the situation. We are taking proactive steps to resolve the issue. We will update you on our progress. In the meantime please let us know if you detect any unusual account activity.

G/O Media may get a commission

When…

Source…

How the Epik hack reveals every secret the far-right tried to hide

September 16, 2021/in Internet Security

A large-scale breach of the domain registrar and web hosting company Epik has exposed a massive trove of data, including the names of individuals behind some of the far-right’s most notorious websites.

graphical user interface: anonymous mask worn by man in epikfail hack

© Provided by Daily Dot
anonymous mask worn by man in epikfail hack

The data, as first reported by independent journalist Steven Monacelli on Monday, was released as a torrent this week by the hacking collective Anonymous.

Load Error

In a press release on the hack, dubbed Operation EPIK FAIL, Anonymous claimed that it was able to obtain “a decade’s worth” of information, including domain registrations and transfers, account credentials, and emails from an Epik employee.

“This dataset is all that’s needed to trace actual ownership and management of the fascist side of the internet that has eluded researchers, activists, and, well, just about everybody,” the release alleges.

A compressed version of the torrent was later released by the journalist collective DDoSecrets, which plans to upload and host the data for reporters and researchers.

Epik’s customers include social media sites such as Parler and Gab as well as far-right forums like TheDonald. A pro-life website that urged Texas residents to report women seeking abortions to the authorities in the wake of the state’s abortion ruling was also temporarily a customer of Epik.

In a statement to Gizmodo on Tuesday, an Epik spokesperson claimed that the company was “not aware of any breach.”

Epik CEO Robert Monster sent an email on Wednesday to customers acknowledging “an alleged security incident” but did not provide specifics.

“Our internal team, working with external experts, have been working diligently to address the situation,” Monster wrote. “We are taking proactive steps to resolve the issue. We will update you on our progress.”

“You are in our prayers today. We are grateful for your support and prayer. When situations arise where individuals might not have honorable intentions, I pray for them,” Monster added. “I believe that what the enemy intends for evil, God invariably transforms into good.”

The Daily Dot attempted to reach Monster for comment, whose phone…

Source…

Tag Archive for: Epik