Domain registrar and web host Epik has suffered a significant data breach at the hands of the group Anonymous, allegedly in retaliation for hosting far-right websites. The breach exposed a large volume of data not only from Epik customers, but also from WHOIS records belonging to individuals and organizations that were not Epik customers.
The data includes more than 15 million unique email addresses, names, phone numbers, physical addresses, purchases, and passwords stored in various formats.
What they have obtained
A group of “steroid hackers” gained access to a large database belonging to Epik, the web host associated with the far right. Besides the far-right websites mentioned above, the websites of Gab, Parler and 8chan are also involved.
The stolen data has been published as a .torrent file, which can be downloaded with a torrent client. The hacktivist collective says the dataset, which is over 180 GB in size, contains “a decade of company data.”
Anonymous says the dataset is “all that is needed to track the actual ownership and management of the fascist side of the internet that has eluded researchers, activists and, well, almost everyone.” If this information is correct, the data and identities of Epik customers could now fall into the hands of activists, researchers, and just about anyone curious enough to look.
The problem is that the leak covers not only data from right-wing activists but also data from ordinary people who visited those websites out of curiosity, or who simply registered on an unrelated website that happened to be hosted at Epik.
What to do to protect your personal information
Although passwords were not exposed in this breach, there are several steps you can take to better protect your personal information and have more privacy online.
Avoid sharing your phone number
Try to avoid giving out your phone number when registering new accounts or services. If the phone number isn’t required, don’t include it. Also, don’t casually hand over your phone number to be added to WhatsApp groups: in a group, your full number is visible and anyone in that group can message you.
Use email aliases
Giving out your personal email address makes it easy for hackers or trackers to find your passwords or find you online. You can hide your email address by using a service like Firefox Relay. It keeps your original address private and forwards to it the messages that arrive at the decoy address.
Don’t use words or addresses in passwords
Using addresses, common words or the street where you grew up weakens your passwords. Because this information is easy to find publicly, passwords built from it are easy to guess.
Use unique and strong passwords for each account
Password reuse puts all your accounts at risk. Never reuse passwords: cybercriminals can test the same password on multiple sites and get into an account that you do care about. This means that if a password is exposed, hackers will have the key to access your private information.