Release: #EpikFail (180 GB)

180 gigabytes of user, registration, forwarding and other client information from the "privacy" web host and registrar Epik, known for hosting websites for the far right

Hackers aligned with the Anonymous movement published a trove of data from the web host Epik, which hosts far-right websites. People have been using the hashtag #EpikFail and starting dedicated accounts (not affiliated with DDoSecrets) to cover the revelations coming out of this dataset, like who registered the website for the Oath Keepers, for TheDonald.Win, or what other domains are owned by Alex Jones’ IT director.

The hacktivist’s note published on 4chan and found by journalist Steven Monacelli says the Epik data includes "all that's needed to trace actual ownership and management of the fascist side of the Internet that has eluded researchers, activists, and, well, just about everybody."

The hackers might have been helped by a ten-year-old unpatched vulnerability: a security researcher told TechCrunch that “you could just paste this [line of code] in there and execute any command on their servers.” The researcher says he reported the security issue to Epik’s CEO and never got a response.

But on Sept. 14, Epik told Gizmodo they weren’t aware of the data breach, even as media coverage started to come out.

Mother Jones noted that Distributed Denial of Secrets has a history with Epik. Epik has called itself the “Swiss Bank of Domains,” and its CEO Rob Monster called himself “the Lex Luthor of the internet”; the company has hosted websites enabling stalking and harassment of DDoSecrets members. Emma Best flagged this potential conflict of interest early in the lifecycle of the Epik leak, tweeting: “(Sites hosted by Epik) were used to defame, stalk, and threaten DDoSecrets members … Epik knew. Gab’s CEO knew. They all enabled it.”

Ars Technica’s opinion about the nature of the Epik breach is that:

Among the data set are various SQL databases containing what appear to be customer records associated with every domain name hosted by Epik. Ars analyzed a small subset of the leaked data set, including what a source calls an Epik employee's mailbox, which contains correspondence from Epik CEO Rob Monster.

The Daily Dot is also taking a deep dive into the Epik data. Their early research includes finding:

The names, addresses, phone numbers, and email addresses of those who registered web domains for a range of sites related to everything from the QAnon conspiracy theory to forums for supporters of former President Donald Trump.

A Linux engineer doing an assessment for their client who was impacted by #EpikFail told the Daily Dot: “they are fully compromised end-to-end,” and that the breach was “maybe the worst I’ve ever seen in my 20-year career.”

The engineer pointed the Daily Dot to what they described as Epik’s “entire primary database,” which contains hosting account usernames and passwords, SSH keys, and even some credit card numbers—all stored in plaintext.

The Record also called and confirmed details of the breached data with three randomly selected Epik customers whose information was included in the client files.

The hackers claim the data contains:

  • WHOIS history

  • DNS changes

  • Payment history

  • Account credentials

  • Over 500,000 private keys

  • An employee's mailbox

  • Git repositories

  • /home/ and /root/ directories of a core system

DDoSecrets has released an edited torrent file, which is optimized for easier downloading. Ours is just a compressed version of the original, so it's smaller and has fewer files. Both versions of the torrent can be accessed in our Epik article.