Epik Online Security Failure

Hacktivist group Anonymous compromised Epik, a domain registrar of last resort. Tens of thousands of people fleeing online political, religious, and social persecution have turned to Epik to restore their freedom of speech. After their doxing, Epik customers now have reason to fear for their jobs, their access to banking and credit services, and their lives. This Epik online security failure shows why you and your business must make online security your top priority.

Epik Online Security Failure

Major domain registrars have cancelled domains registered lawfully by law-abiding Americans. These registrars control who can operate internet websites. They impose their political and social beliefs on the public by canceling domains that oppose their views.

Common domain cancellers include domain registrars such as:

  • GoDaddy.
  • Google.
  • DreamHost.
  • Network Solutions.
  • Tucows.
  • eNom.

These registrars blacklist any domain they de-platform. That’s why freedom-oriented registrars exist.

As one of the largest pro-liberty domain registrars, Epik has come under a continual barrage of disinformation spread by Democrat-controlled media outlets, such as CNN, MSNBC, The New York Times, etc.

Anonymous has taken the attacks against Epik to a new level. The hackers have compromised Epik’s servers and have exposed the registrar’s entire customer base to the public.

Anonymous illegally “doxed” Epik customers.

What happens when Democrats dox a person?

When activists get their hands on lists of the people they hate, they use the information to send mobs to those people’s homes, employers, schools, and banks. Consequently, doxed people typically suffer some serious abuses:

  • Physical assault.
  • Property destruction.
  • Loss of banking access.
  • Loss of payment processing services.
  • Family harassment.
  • Public shaming.
  • Expulsion from educational institutions.
  • Denial of healthcare services.
  • De-platforming from social media and domain services.
  • Boycotting of businesses.
  • Physical destruction of businesses.
  • Attacks against a business’ customers.

Now do you understand the dangerous situation Epik caused by failing to prioritize online security?

If you resist mandatory mRNA cellular operating system injections (called “vaccines” by Democrats), support President Trump, peacefully protest government tyranny, oppose election fraud, question climate change, oppose the murder of unborn children, believe in border enforcement, refuse to enforce perversion, support the welfare of children, or promote equal rights for all races, you and your business are at risk.

At anytime, Democrat Party activists my attack you based on something you have said, done, or thought in the past, present of future. Beware. You can’t predict who they may attack either now or in the future.

Online security matters to everyone.

The Epik online security failure: The story

Here’s the gist of the story as presented by ARStechnica.com:

Hacktivist collective Anonymous claims to have obtained gigabytes of data from Epik, which provides domain name, hosting, and DNS services for a variety of clients. These include the Texas GOP, Gab, Parler, and 8chan, among other right-wing sites. The stolen data has been released as a torrent. The hacktivist collective says that the data set, which is over 180GB in size, contains a “decade’s worth of data from the company.”

Anonymous says the data set is “all that’s needed to trace actual ownership and management of the fascist side of the Internet that has eluded researchers, activists, and, well, just about everybody.” If this information is correct, Epik’s customers’ data and identities could now fall into the hands of activists, researchers, and just about anyone curious enough to take a peek.

https://arstechnica.com/information-technology/2021/09/anonymous-leaks-gigabytes-of-data-from-epik-web-host-of-gab-and-parler/

Democrat-controlled arstechnica maliciously describes Epik, a legitimate and legal business entity:

Epik is a domain registrar and web services provider known to serve right-wing clients, some of which have been turned down by more mainstream IT providers due to the objectionable and sometimes illicit content hosted by the clients.

https://arstechnica.com/information-technology/2021/09/anonymous-leaks-gigabytes-of-data-from-epik-web-host-of-gab-and-parler/

You may also read more about this incident at therecord.media.

Ignoring Online Security

Sadly, like many businesses, Epik failed to regard cybersecurity seriously.

TechCrunch.com reports that the company was warned about its egregious security flaws weeks before the Anonymous hacking group downloaded all of Epik’s business data.

Here’s an excerpt from an article, “Web host Epik was warned of a critical security flaw weeks before it was hacked,” written by Zack Whittaker and published at Tech Crunch:

Security researcher Corben Leo contacted Epik’s chief executive Monster over LinkedIn in January about a security vulnerability on the web host’s website. Leo asked if the company had a bug bounty or a way to report the vulnerability. LinkedIn showed Monster had read the message but did not respond.

Leo told TechCrunch that a library used on Epik’s WHOIS page for generating PDF reports of public domain records had a decade-old vulnerability that allowed anyone to remotely run code directly on the internal server without any authentication, such as a company password.

“You could just paste this [line of code] in there and execute any command on their servers,” Leo told TechCrunch.

https://techcrunch.com/2021/09/17/epik-website-bug-hacked/

Don’t let this happen to your business. Contact Simple Online Security to get a comprehensive security audit. But, don’t stop with getting information about your vulnerabilities: Take action to protect your business. Simple Online Security can help.

Epik response

So far, Epik has had little to say about this incident.

The only response we’ve seen is from an email dated September 15, 2021:

Date: Sep 15, 2021, 15:12
From: no-reply@epik.com
Subject: Important update from Epik.com

At Epik, we take security and the privacy of your information very seriously. Therefore as a precautionary measure, I am writing to inform you of an alleged security incident involving Epik.

Our internal team, working with external experts, have been working diligently to address the situation. We are taking proactive steps to resolve the issue. We will update you on our progress. In the meantime please let us know if you detect any unusual account activity. I am proud of our team’s efforts as we do our part to empower a thriving internet for the benefit of our customers around the world.

You are in our prayers today. We are grateful for your support and prayer. When situations arise where individuals might not have honorable intentions, I pray for them. I believe that what the enemy intends for evil, God invariably transforms into good.

Blessings to you all.

Regards,

Rob Monster
Founder and CEO
Epik Holdings Inc mt

Here’s another update from Rob Monster:

By now, most of you will have seen our first official update sent via email today.

Quick supplemental update:

– Cyber forensic work is moving swiftly.

– Our engineers believe the hack is of an aged remote backup, not of Epik’s core production.

– No customer domains have been impaired to our knowledge. More domains arrived today than left Epik.

– Our support team is doing an excellent job.

Cyber security is no joke. If this can be done to Epik, it can be done to anyone. As it was, we were already in the process of heavily investing in this arena. Lord-willing, we will once again emerge stronger from the experience.

On a personal note, I am thankful for the outpouring of support. May those of you who choose to stand with Epik all be greatly blessed, both in this life, and the one to come.

Regards,

Rob

https://onlinedomain.com/2021/09/16/domain-name-news/epik-was-hacked/

We’ll post additional updates regarding the Epik online security failure as they become available.

Epik Fail Update: 2019-09-19

Epik released the following message for email on September 19, 2021:

Date: Sep 19, 2021, 00:38
From: no-reply@epik.com
Subject: Security Notice from Epik

Hello,
We are contacting you to notify you of an urgent security notice. Despite the extensive security practices we use to protect our platforms and customer information, we have confirmed an unauthorized intrusion into some of our domain-related systems.

We have mobilized the full force of multiple cyber security teams to assess the scope of this intrusion. We are taking aggressive action to completely secure and remediate all potentially affected systems, while complying with all applicable laws. As we work to confirm all related details, we are taking an approach toward maximum caution and urging customers to remain alert for any unusual activity they may observe regarding their information used for our services – this may include payment information including credit card numbers, registered names, usernames, emails, and passwords.

At this time, we have not confirmed that your card information has been compromised. As a precautionary measure, you may choose to contact any credit card companies that you used to transact with Epik and notify them of a potential data compromise to discuss your options with them directly. Should you observe any unauthorized activity, please document and report it immediately.

We are notifying you because we consider your privacy and security our single greatest priority. Our mission to provide legendary service to all customers remains unchanged. We appreciate your support as we work through the full resolution of this situation, and we will continue to provide you with ongoing updates as we learn more.

Thank you,

Epik Security Team

Lessons Learned: You need Simple Online Security

Don’t let Anonymous or any other cybercriminals destroy your business and your life.

Contact Simple Online Security, LLC via email (sales@simpleonlinesecurity.com) today to begin your affordable and effective cybersecurity strategy.

Before you leave, check out some cybersecurity-related links hosted right here at SimpleOnlineSecurity.com.