Hackers operating under the banner of Anonymous have released more data from Epik, the controversial web hosting company known for offering refuge to the far-right.
In a press release titled “You Lost The Game,” the hacktivist group announced on Monday part three of what it has dubbed “Operation EPIK FAIL.”
The latest leak is alleged to contain more bootable disk images of Epik’s servers as well as a data backup linked to the Republican Party of Texas, which is said to include “private documents” and “draft articles that didn’t make the narrative cut.” The Texas GOP website had been defaced by Anonymous in retaliation for the state’s controversial abortion ban on Sept. 11.
The Daily Dot is in the process of verifying the authenticity of the data after receiving it.
The campaign against Epik was first acknowledged on Sept. 13 when Anonymous revealed that it had breached the domain registrar, exposing at least 180GB of sensitive data. The hackers followed up on Sept. 30 with “The /b/ Sides,” a more than 300GB release containing bootable disk images of Epik’s servers.
The leaks have continued to cause widespread fallout for Epik’s customers, which includes websites such as Parler, Gab, 8chan, and TheDonald. The first release exposed everything from passwords and credit card numbers to customer names, email addresses, physical addresses, and phone numbers.
Epik CEO Rob Monster would eventually weigh in on the breach on Sept. 16 in an unorthodox video conference open to the public. The four-hour meeting saw Monster break out into prayer multiple times, issue warnings about “cursed” hard drives bursting into flames, and engage in a back-and-forth with a notorious neo-Nazi.
The data cache allowed the Daily Dot to discover not only websites that had been targeted with subpoenas by the FBI and others but trace the actions of prominent far-right figures such as Ali Alexander, who attempted to scrub his digital ties to dozens of domains relating to election fraud conspiracy theories in the wake of the Jan. 6 Capitol riot.
A real estate agent in Florida who was found to have registered numerous antisemitic domains also lost their job. A man who ran websites relating to the Proud Boys in Canada, where the far-right group is listed as a terrorist organization, was placed under investigation by his employer at a government-owned pipeline and energy company.
The Oath Keepers militia, which began using Epik following the failed insurrection, also had its data leaked on Sept. 27. Although those responsible did not claim affiliation with Anonymous, dates found within the data, which was given by the hackers to the journalism and transparency collective DDoSecrets, suggest the exposure could have been linked to Epik’s breach.
The Daily Dot was able to find at least 160 official government and military email addresses in a membership list compiled by the militia. Multiple investigations have been launched as a result of the leak. The New York Police Department (NYPD) announced last week that it had launched an internal review of two officers whose names were found in the breach.
The second release of Epik data resulted in the exposure of at least 59 API keys, which allow to securely communicate with one another, for services such as Twitter, Coinbase, and PayPal. Monster claimed during his live video conference with the public that someone had attempted to use his API key for Coinbase to steal $100,000.
It remains unclear what fallout will result from the third release as journalists and researchers struggle to sift through the enormous amounts of information already present in the previous two leaks.
The news of the latest leak was first reported by Steven Monacelli.
This week’s top technology stories
*First Published: Oct 4, 2021, 9:41 am CDT
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.