Several hackers identifying under the Anonymous collective allegedly stole data from Epik, containing information about the web host’s domains and clients.
Epik provides domain name, hosting, and DNS services. It’s a controversial firm that serves various clients, including those dropped by other web-hosting providers, such as Texas GOP, Gab, Parler, 8chan, and YouTube channels BitChute and The Donald.
The anonymous’ activities started with what they call “Operation Jane,” following the Texas Heartbeat Act signed earlier this month.
The Hacktivist collective first hacked the official website of the GOP (Texas Republican Party). Now, they claim to have obtained 180GB or “decade’s worth of data from the company,” according to the group’s website.
Steven Monacelli, an independent journalist from Texas, was the first to report the incident on Twitter, as per a press release by 4Chan that Anonymous posted. The dataset can help anyone trace the “actual ownership and management of the fascist side of the internet,” notes the press release.
SCOOP: a group of "hackers on steroids" gained access to a large dataset belonging to Epik, the web host of the Texas GOP website, Texas Right to Life website, and anti-abortion snitch website. pic.twitter.com/2meRX9CAPm
— steven monacelli (@stevanzetti) September 13, 2021
Whistleblowing group Distributed Denial of Secrets analyzed the data, providing further information. According to the company, the gigabytes of data include all domain purchases and transfers, whois history, DNS changes, email forwards, catch-alls, etc. It also includes payment history (without credit card data), account credentials, over 500,000 private keys, a dump of an employee’s mailbox, Git repositories, /home/ and /root/ directories of one of their core systems.
Soon after Anonymous’ claims, the public reached out to Epik. The company responded they are not aware of any such incident that may have resulted in a data breach on such a massive scale.
An Epik’s representative had this to say:
“We take the security of our clients’ data extremely seriously, and we are investigating the allegation.”
However, Anonymous tampered with Epik’s knowledge base, mocking the company’s denial of the breach.
They wrote an article titled “Update: They claim we got hacked, Q says they are lying,” as seen in the archived copy of the altered knowledge base. Here’s an excerpt from it:
On September 13, 2021, a group of kids calling themselves ‘Anonymous,’ whom we’ve never heard of, said they manage[d] to get a hold of, well, honestly, all our data, and then released it. They claim it included all the user data. All of it. All usernames, passwords, emails, support queries, breaching all anonymization service[s] we have. Of course, it’s not true. We’re not so stupid we’d allow that to happen.
They further specified: “It’s as bullshit as COVID19 and 5G,” referring to the claims. The Hacktivist collective ended the post with, “PS We did write this ourselves; this is obviously not part of the hacked account.”