On Sept 13, 2021, hackers self-identifying as “Anonymous” breached domain registrar and web services provider Epik, which provides domain name, hosting, and DNS services for a variety of clients including the Texas GOP, Gab, Parler, and 8chan, among others.
Exfiltrated data totaling in the gigabytes “reveals embarrassing details of who’s behind Proud Boys and other far-right websites”, according to the Washington Post. It was allegedly enabled by a 10-year-old unpatched vulnerability on Epik’s systems.
The Twitter account @epikfailsnippet has been releasing snippets from the archive, including security questions and answers stored in plaintext, insecure credit card information, and the ownership of charming domains like NAZIAPPAREL.COM, SEXYNAZI.COM, and PLANDEMIC.COM.
The breach was initially reported by Daily Beast contributor Steven Monacelli (@stevanzetti) on Sept 13.
On Sept 14, hackers altered the live data behind Epik’s knowledgebase to confirm the breach, undermining previous denials by Epik.
Epik CEO Rob Monster (sic) responded via a video call on Sept 18.