Web Host Epik Warned of a Critical Security Flaw Weeks before it Was Hacked

Web Host Epik Warned of a Critical Security Flaw Weeks before it Was Hacked

Hackers linked to the hacktivist organization Anonymous claim to have stolen terabytes of data from Epik, a web host, and domain registrar that caters to far-right websites such as Gab, Parler, and 8chan after they were banned from mainstream platforms. 

The organization said the 180 terabytes amounted to a “decade’s worth” of corporate data, including “everything that’s needed to track true ownership and management” of the firm, in a statement linked to a torrent file of the spilled data this week. 

The gang claimed all customer payment history, domain purchases, and transfers, as well as passwords, credentials, and employee emails. Files from the company’s internal web servers, as well as databases containing client details for Epik-registered domains, are among the stolen material.

The hackers did not explain how they got the hacked data or when it happened, although timestamps on the most recent files imply it happened around the end of February. Epik first denied there had been a breach, but on Wednesday, founder and CEO Robert Monster sent out an email alerting members to an “alleged security problem.”

Epik was alerted about a serious security issue weeks before the attack, according to TechCrunch. In January, security researcher Corben Leo contacted Epik’s CEO Monster via LinkedIn to inform him of a security flaw on the web host’s website. Leo inquired whether the firm offered a bug bounty or if there was a mechanism to report the issue. The monster had viewed the letter, according to LinkedIn, but had not responded.

According to Leo, a library used on Epik’s WHOIS page for creating PDF reports of public domain registrations had a decade-old vulnerability that allowed anybody remotely run code on the internal server without any authentication, such as a business password. Leo told TechCrunch, “You could just drop this [line of code] in there and execute any command on their systems.” Leo used the public-facing WHOIS page to send a proof-of-concept command to the server, which proved that code could execute on Epik’s internal server, but he did not test to see what access the server had because it would be unlawful.

It is unclear whether the Anonymous hacktivists exploited the same flaw that Leo uncovered. (There are other folders linked to Epik’s WHOIS system in the stolen cache, but the hackers left no contact information and could not reach for comment.) 

However, Leo claims that if a hacker exploited the same weakness and gained access to other servers, databases, or systems on the network, the data taken from Epik’s internal network in February might have been accessed.

“I’m very sure that’s how they got bought,” Leo told TechCrunch, who confirmed the bug had been repaired. Monster verified that he got Leo’s LinkedIn message, but he declined to comment on the incident or specify when the vulnerability was corrected. “Bounty hunters approach us and offer their services.”I was probably simply thinking it was one of them,” Monster explained. “I’m not sure whether I did anything about it.” Do you respond to all of your LinkedIn spam?