The credit card numbers and online activity of people frequenting several far-right websites have been compromised after the Anonymous hacktivist collective breached Epik. Epik is a web-hosting company known for serving groups such as the Oath Keepers and social media networks Gab and Parler.
After a massive data dump by Anonymous, users of websites hosted by Epik were notified their credit card numbers and other personal information may have been compromised. In a breach notification report to the state of Maine filed on Sept. 20, Epik’s attorney said 110,000 people were affected by the data breach.
In addition to exposed credit card numbers, internet investigators have been combing through the data dump to “out” people who have expressed supposed white supremacist and far-fight views on the compromised websites, with much of the information posted on Twitter under the “EpikFail” hashtag. Some Twitter users have posted the names of people running the websites of far-right groups, and other reports found that some members of the Oath Keepers had .gov email addresses.
Twitter has suspended some accounts for posting credit card data culled from the breach.
Epik, which promotes itself as a protector of free speech, has hosted websites for the Proud Boys, 8chan, and InfoWars, among others at the fringes of the Right.
Anonymous first released information about the data breach on Sept. 13. The group claimed to have gained access to a “decade’s worth of data” from Epik, based near Seattle. “Time to find out who in your family secretly ran a … disinfo publishing outfit or yet another QAnon hellhole,” the group wrote in a press release. “Decloak origin IPs of nazi websites for further investigation, poking, prodding!”
Epik confirmed a data breach on Sept. 17. The company said it was working with multiple cybersecurity teams to secure affected systems and remediate the breach. A company representative didn’t immediately provide additional information about the breach.
While some people applauded Anonymous’s goals of exposing extremists and groups spreading disinformation, some cybersecurity experts compared the group to more traditional criminal hackers.
The leaked data can “lead to financial troubles and even identity theft,” added Daniel Markuson, a digital privacy expert at NordVPN. In addition to credit card information, Anonymous also claims to have captured customer payment histories, domain purchase information, passwords, and other information, he noted.
Anonymous comprises “modern-day cyber vigilantes,” said Chuck Everette, director of cybersecurity advocacy at cybersecurity vendor Deep Instinct. While members of the group may believe they’re doing the right thing, this type of hacking violates the law in most countries, he said.
“They have their own agenda, and their intent seems to be to inflict as much possible damage,” he told the Washington Examiner. “These acts of hacktivism seek to punish, harm, or embarrass groups or individuals without due process.”
The hackers should face consequences, added Jon Clay, vice president of threat intelligence at cybersecurity vendor Trend Micro. “Regardless of who perpetrates the attack, stealing information from a company is wrong and should be punished,” he said.
He recommended that customers of websites using Epik’s services change their passwords and monitor their email and credit accounts for suspicious activity. However, there is little people can do to protect themselves from having their activities exposed when Anonymous has already released a significant amount of data.
Some news organizations have written stories about the customer data exposed, and some websites and social media users have published customer data, and Clay questioned the ethics of doing so. “Leaking publicly any information that was obtained illegally and through hacking efforts should not be tolerated,” he told the Washington Examiner.
Washington Examiner Videos
Tags: Business, Technology, Cybersecurity, Computer Hacking, Parler, Data Breach
Original Author: Grant Gross
Original Location: Anonymous hack of web-hosting company Epik exposes personal information