A group saying it’s aligned with the hacker collective Anonymous posted a release about the hack earlier this week. It says that the reason for the attack is that Epik caters to the far-right and extremist websites. After Epik seemed to waffle on whether there was a hack, the hackers made it public on Epik’s website itself.
engine
11:56 am on Sep 19, 2021 (gmt 0)
Ouch!
Security strengthening for users will have to be a priority for everyone, if it's not too late for some.
Act now and assume your data is already in the wrong hands.
NickMNS
3:09 pm on Sep 19, 2021 (gmt 0)
and Epik's response to this:
"We are not aware of any breach. We take the security of our clients' data extremely seriously, and we are investigating the allegation," an Epik representative told Ars.
We take the security of our clients' data extremely seriously,
Really? User password were store in plain text, not hashed and not salted. This can be best described as negligence.
Webwork
11:53 pm on Sep 21, 2021 (gmt 0)
Interesting how much data is now in the open, exposing those associated with far right / fascist websites to public scrutiny.
“This dataset is all that’s needed to trace actual ownership and management of the fascist side of the internet that has eluded researchers, activists, and, well, just about everybody,” the release alleges.
Epik had scraped Whois information of domains not registered via Epik. That means a lot of the domain related information is not necessarily registered via Epik.
jmccormac
6:48 am on Oct 13, 2021 (gmt 0)
It was a lot worse than the first reports suggested. Complete server images were released.
Regards...jmcc
creeking
2:33 pm on Oct 15, 2021 (gmt 0)
that could expose forum PMs. maybe I should do some housekeeping.
remember the AOL searches publication? this could become an online searchable database.
jmccormac
12:56 pm on Oct 17, 2021 (gmt 0)
Possibly. The problem is that there are complete server images and creditcard data floating around on the Torrents. The trouble ticketing system even showed FBI preservation requests and subpoenas for various domain names.
