On September 13, hackers claiming to be part of the well-known hacktivist group Anonymous announced that they had compromised the cybersecurity of far-right web host and domain registrar, Epik. The hackers said they had gained access to “a decade’s worth of data,” account credentials, financial records, employee emails, and the details necessary to transfer domain names registered via Epik away from their owners.
The data breach was later confirmed to be roughly 180 gigabytes and contained 15 million email addresses, 843,000 transaction records, and almost a million invoices.
Among the collateral damage was also Epik’s “entire primary database” of usernames, passwords, SSH keys, credit card numbers, and subpoenas and preservation requests. Many of these items related to the January 6 attack on the US Capitol.
Shadowy Dynamics: Anonymous vs. Epik
Epik, based in Washington state, provides web hosting and domain registration services to many different organizations, including TexasGOP.org, the online home of the Texas Republican Party. Perhaps most famously, the far-right social network Parler moved to Epik after their previous hosting provider cut them off for the network’s role in planning the January 6 storming of the US Capitol.
These facts alone make Epik a predictable target for Anonymous. The decentralized hacktivist collective—started on the anonymous imageboard 4chan in 2003—has targeted government agencies of the US and Israel, Daesh (also known as Islamic State), the Westboro Baptist Church, the Church of Scientology, and large multinational corporations such as Sony, PayPal, MasterCard, and Visa.
“Hacktivism” is a form of civil disobedience most commonly associated with human rights, free speech, and the freedom of information. Anonymous is a good example of a hacktivist organization—decentralized, with no clear leader, but loosely organized around similar ideological causes.
With its roots in hacker culture, the term “hacktivist” has been around since the mid-1990s but has experienced a resurgence in popularity.
When Anonymous compromised Epik, they managed to get their hands on a lot of data. Perhaps most notably, server backups—and other information, such as login credentials, a database of unspecified content, and “sensitive documents” belonging to the Texas Republican Party.
TexasGOP.org may have been the main target, as Anonymous targeted the group with a website takedown on September 11, two days before the larger Epik hack.
Whether you agree with their politics, their methods, or their actions, it’s impossible to argue against the fact that Anonymous is capable of taking down a large web hosting provider and stealing all of their data.
Epik, due to the nature of the organizations they support, makes this a murky situation at best. But one thing is clear from the Epik hack—in the absence of adequate cybersecurity services, no one’s data is safe, and once sensitive data is out in the wild, it can be used against you.
MSPs, and especially managed IT security services, are part of the answer, providing small businesses the training and protection they need to guard against phishing attacks that data breaches like this make all too possible. It’s unclear how Anonymous might choose to use the data they seized in the Epik hack, but it’s not too difficult to imagine the group might leverage it to facilitate other takedowns.
If there’s a lesson to be learned here, it may well be that data security should be an organization’s top priority, no matter their politics. Make sure you’re protected and get a free cybersecurity evaluation today to get started on improving your business’s security.