Domain registrar Epik is known for hosting certain types of domains. They call themselves the Swiss Bank of Domains – neutral in the political fights. They host the domains for right wing sites like Parler and Gab and political sites like Texas Right to Life and the Texas GOP, among many others.
The company confirmed that hackers breached their security AND downloaded customer account information.
The hackers may be affiliated with the non-group Anonymous, the loose collective of hackers that go after folks that they don’t like. They said, in a press release, that the hack was in retaliation for Epik’s habit of hosting questionable alt-right websites (their words).
“This dataset is all that’s needed to trace actual ownership and management of the fascist side of the internet,” the group said. “Time to find out who in your family secretly ran an Ivermectin horse porn fetish site, disinfo publishing outfit or yet another QAnon hellhole.”Epik Confirms Hack, Gigabytes of Data on Offer | Threatpost
It also appears that non-customers were also swept up in hack as well and some of their data was stolen too.
Size-wise, the hackers stole 180 gigabytes of data, they say, including names, phone numbers, physical addresses, purchases and passwords.
Also apparently much of the data was not encrypted and some of it was only lightly salted (meaning that reversing it was trivial for the hackers).
It seems that the hackers are GIVING the data away for FREE. Here is what you get for free:
- domain purchases and transfers in and out, all whois history unredacted, all DNS changes, all email forwards, payment history (without credit cards), account credentials for customers, hosting, VPN, etc., Epik’s internal servers and systems, Epik’s GoDaddy logins and more.
The hackers said “yep, these Russian developers they hired are actually just that bad.” referring to the lack of encryption and weak hashing.
They also hacked the Texas GOP web site for fun.
What does this mean to you?
First of all – vendor cyber risk management. Are your vendors secure?
Second, if you used Epik, change all affected passwords and encryption keys
Third, assume an attack like this could happen; plan for it. Then do what you can to mitigate the damage from it.
Credit: Ars Technica