Tech

Nameless hack of web-hosting firm Epik exposes private data

The bank card numbers and on-line exercise of individuals frequenting a number of far-right web sites have been compromised after the Nameless hacktivist collective breached Epik. Epik is a web-hosting firm identified for serving teams such because the Oath Keepers and social media networks Gab and Parler.

After a large information dump by Nameless, customers of internet sites hosted by Epik had been notified their bank card numbers and different private data could have been compromised. In a breach notification report to the state of Maine filed on Sept. 20, Epik’s lawyer stated 110,000 individuals had been affected by the information breach.

Along with uncovered bank card numbers, web investigators have been combing via the information dump to “out” individuals who have expressed supposed white supremacist and far-fight views on the compromised web sites, with a lot of the knowledge posted on Twitter underneath the “EpikFail” hashtag. Some Twitter customers have posted the names of individuals working the web sites of far-right teams, and different stories discovered that some members of the Oath Keepers had .gov e mail addresses.

Twitter has suspended some accounts for posting bank card information culled from the breach.

Epik, which promotes itself as a protector of free speech, has hosted web sites for the Proud Boys, 8chan, and InfoWars, amongst others on the fringes of the Proper.

Nameless first launched data in regards to the information breach on Sept. 13. The group claimed to have gained entry to a “decade’s price of information” from Epik, primarily based close to Seattle. “Time to search out out who in your loved ones secretly ran a … disinfo publishing outfit or one more QAnon hellhole,” the group wrote in a press launch. “Decloak origin IPs of nazi web sites for additional investigation, poking, prodding!”

Epik confirmed a knowledge breach on Sept. 17. The corporate stated it was working with a number of cybersecurity groups to safe affected methods and remediate the breach. An organization consultant did not instantly present extra details about the breach.

Whereas some individuals applauded Nameless’s objectives of exposing extremists and teams spreading disinformation, some cybersecurity specialists in contrast the group to extra conventional felony hackers.

The leaked information can “result in monetary troubles and even id theft,” added Daniel Markuson, a digital privateness knowledgeable at NordVPN . Along with bank card data, Nameless additionally claims to have captured buyer fee histories, area buy data, passwords, and different data, he famous.

Nameless includes “modern-day cyber vigilantes,” stated Chuck Everette, director of cybersecurity advocacy at cybersecurity vendor Deep Intuition . Whereas members of the group could imagine they’re doing the fitting factor, any such hacking violates the legislation in most international locations, he stated.

“They’ve their very own agenda, and their intent appears to be to inflict as a lot potential harm,” he advised the Washington Examiner. “These acts of hacktivism search to punish, hurt, or embarrass teams or people with out due course of.”

The hackers ought to face penalties, added Jon Clay, vice chairman of menace intelligence at cybersecurity vendor Development Micro . “No matter who perpetrates the assault, stealing data from an organization is mistaken and must be punished,” he stated.

He beneficial that clients of internet sites utilizing Epik’s companies change their passwords and monitor their e mail and credit score accounts for suspicious exercise. Nevertheless, there’s little individuals can do to guard themselves from having their actions uncovered when Nameless has already launched a big quantity of information.

Some information organizations have written tales in regards to the buyer information uncovered, and a few web sites and social media customers have revealed buyer information, and Clay questioned the ethics of doing so. “Leaking publicly any data that was obtained illegally and thru hacking efforts shouldn’t be tolerated,” he advised the Washington Examiner.



Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button