Anonymous Leaked a Bunch of Data From a Right-Wing Web Host

The hacktivist collective targeted the domain registrar Epik for providing services to clients including the Texas GOP, Parler, and 8chan.
balls going through hole
Anonymous says the 180-gigabyte data set contains a decade's worth of customer records.Photograph: Daniel Grizelj/Getty Images

Hacktivist collective Anonymous claims to have obtained gigabytes of data from Epik, which provides domain name, hosting, and DNS services for a variety of clients. These include the Texas GOP, Gab, Parler, and 8chan, among other right-wing sites. The stolen data has been released as a torrent. The hacktivist collective says that the data set, which is over 180 GB in size, contains a "decade's worth of data from the company."

Anonymous says the data set is "all that's needed to trace actual ownership and management of the fascist side of the Internet that has eluded researchers, activists, and, well, just about everybody." If this information is correct, Epik's customers' data and identities could now fall into the hands of activists, researchers, and just about anyone curious enough to take a peek.

Decades of Epik Stuff, Now in a Torrent Near You

Epik is a domain registrar and web services provider known to serve right-wing clients, some of which have been turned down by more mainstream IT providers due to the objectionable and sometimes illicit content hosted by the clients.

Anonymous' activities began with what the group calls "Operation Jane" after the Texas Heartbeat Act was signed into law this month. The restrictive abortion law allows private individuals, not necessarily government bodies or the police, to enforce the six-week abortion ban. According to the act, any Texas resident can bring a civil lawsuit against any person who performs or helps to facilitate an illegal abortion—and claim at least $10,000 in damages.

A note announcing the hack was spotted by journalist Steven Monacelli, who has since been doxxed by an Epik supporter.

Among the data set are various SQL databases containing what appear to be customer records associated with every domain name hosted by Epik. Ars analyzed a small subset of the leaked data set, including what a source calls an Epik employee's mailbox, which contains correspondence from Epik CEO Rob Monster.

Members of the whistleblower site Distributed Denial of Secrets (DDoSecrets) have also made the data set available via alternate means for those unable to use torrents.

"We are not aware of any breach. We take the security of our clients' data extremely seriously, and we are investigating the allegation," an Epik representative told Ars.

Hackers Alter Epik’s Knowledge Base to Mock Company’s Response

Anonymous also tampered with Epik's knowledge base to mock the company's denial of the breach.

"On September 13, 2021, a group of kids calling themselves 'Anonymous', whom we’ve never heard of, said they manage[d] to get a hold of, well, honestly, all our data, and then released it," said the altered knowledge base, as seen in an archived copy. "They claim it included all the user data. All of it. All usernames, passwords, e-mails, support queries, breaching all anonymization service[s] we have. Of course it’s not true. We’re not so stupid we'd allow that to happen."

The knowledge-base page ends by sarcastically saying, "We did write this ourselves, this is obviously not part of the hacked account." Epik has since removed the page.

Prior to this incident, Anonymous defaced the Texas GOP website by replacing references to "Help Texas Stay Red" with "Texas: Taking Voices from Women to promote theocratic erosion of church/state barriers." The group also added "donate" links to reproductive health care nonprofit Planned Parenthood.

This story originally appeared on Ars Technica.


More Great WIRED Stories