• Email Us: [email protected]
  • Contact Us: +1 718 874 1545
  • Skip to main content
  • Skip to primary sidebar

Medical Market Report

  • Home
  • All Reports
  • About Us
  • Contact Us

Web host Epik was warned of a critical website bug weeks before it was hacked

September 17, 2021 by David Barret Leave a Comment

Hackers associated with the hacktivist collective Anonymous say they have leaked gigabytes of data from Epik, a web host and domain registrar that provides services to far-right sites like Gab, Parler and 8chan, which found refuge in Epik after they were booted from mainstream platforms.

In a statement attached to a torrent file of the dumped data this week, the group said the 180 gigabytes amounts to a “decade’s worth” of company data, including “all that’s needed to trace actual ownership and management” of the company. The group claimed to have customer payment histories, domain purchases and transfers, and passwords, credentials, and employee mailboxes. The cache of stolen data also contains files from the company’s internal web servers, and databases that contain customer records for domains that are registered with Epik.

The hackers did not say how they obtained the breached data or when the hack took place, but timestamps on the most recent files suggest the hack likely happened in late February.

Epik initially told reporters it was unaware of a breach, but an email sent out by founder and chief executive Robert Monster on Wednesday alerted users to an “alleged security incident.”

TechCrunch has since learned that Epik was warned of a critical security flaw weeks before its breach.

Security researcher Corben Leo contacted Epik’s chief executive Monster over LinkedIn in January about a security vulnerability on the web host’s website. Leo asked if the company had a bug bounty or a way to report the vulnerability. LinkedIn showed Monster had read the message but did not respond.

Leo told TechCrunch that a library used on Epik’s WHOIS page for generating PDF reports of public domain records had a decade-old vulnerability that allowed anyone to remotely run code directly on the internal server without any authentication, such as a company password.

“You could just paste this [line of code] in there and execute any command on their servers,” Leo told TechCrunch.

Leo ran a proof-of-concept command from the public-facing WHOIS page to ask the server to display its username, which confirmed that code could run on Epik’s internal server, but he did not test to see what access the server had as doing so would be illegal.

It’s not known if the Anonymous hacktivists used the same vulnerability that Leo discovered. (Part of the stolen cache also includes folders relating to Epik’s WHOIS system, but the hacktivists left no contact information and could not be reached for comment.) But Leo contends that if a hacker exploited the same vulnerability and the server had access to other servers, databases or systems on the network, that access could have allowed access to the kind of data stolen from Epik’s internal network in February.

“I am really guessing that’s how they got owned,” Leo told TechCrunch, who confirmed that the flaw has since been fixed.

Monster confirmed he received Leo’s message on LinkedIn, but did not answer our questions about the breach or say when the vulnerability was patched. “We get bounty hunters pitching their services. I probably just thought it was one of those,” said Monster. “I am not sure if I actioned it. Do you answer all your LinkedIn spams?”

The far right’s favorite registrar is building ‘censorship-resistant’ servers

Source Link Web host Epik was warned of a critical website bug weeks before it was hacked

David Barret
David Barret

Related posts:

  1. Guinean political prisoners freed, regional bloc to discuss coup
  2. Pakistan suggests inviting Taliban-run Afghanistan to regional forum
  3. Soccer-Premier clubs could face sanctions if they play South American players
  4. Tigray forces killed 120 civilians in village in Amhara – Ethiopia officials

Filed Under: News

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

  • Have You Seen This Snake? Florida Wants Your Help Finding Rare Species Seen Once In 50 Years
  • Plague Confirmed In Lake Tahoe Area For First Time In 5 Years, California Officials Say
  • Supergiant Star Spotted Blowing Milky Way’s Largest Bubble Of Its Kind, Surprising Astronomers
  • Game Theory Promised To Explain Human Decisions. Did It?
  • Genes, Hormones, And Hairstyling – Here Are Some Causes Of Hair Loss You Might Not Have Heard Of
  • Answer To 30-Year-Old Mystery Code Embedded In The Kryptos CIA Sculpture To Be Sold At Auction
  • Merry Mice: Human Brain Cells Transplanted Into Mice Reduce Anxiety And Depression
  • Asteroid-Bound NASA Mission Snaps Earth-Moon Portrait From 290 Million Kilometers Away
  • Forget State Mammals – Some States Have Official Dinosaurs, And They’re Awesome
  • Female Jumping Spiders Of Two Species Prefer The Sexy Red Males Of One, Leading To Hybridization
  • Why Is It So Difficult To Find New Moons In The Solar System?
  • New “Oxygen-Breathing” Crystal Could Recharge Fuel Cells And More
  • Some Gut Bacteria Cause Insomnia While Others Protect Against It, 400,000-Person Study Argues
  • Neanderthals And Homo Sapiens Got It On 100,000 Years Earlier Than We Thought
  • “Womb Of The Universe”: Native American Tribal Elders Help Archaeologists Decipher Ancient Rock Art In Missouri Cave
  • 16,000-Year-Old Paintings Suggest Prehistoric Humans Risked Their Lives To Enter “Shaman Training Cave”
  • Final Gasps Of A Dying Star Seen Through A Record-Breaking 130 Years Of Data
  • COVID-19 “Vaccine Alternative” Injection Could Be On Fast-Track To Approval From FDA
  • New Jersey Officials Investigate Possible First Locally Acquired Malaria Case Since 1991
  • First-of-Its-Kind Bright Orange Nurse Shark Recorded Off Costa Rica Makes History
  • Business
  • Health
  • News
  • Science
  • Technology
  • +1 718 874 1545
  • +91 78878 22626
  • [email protected]
Office Address
Prudour Pvt. Ltd. 420 Lexington Avenue Suite 300 New York City, NY 10170.

Powered by Prudour Network

Copyrights © 2025 · Medical Market Report. All Rights Reserved.

Go to mobile version