Posted on September 19, 2021 at 7:28 AM
Epik has recently been attacked by hackers linked to the dreaded Anonymous, a hacker group that has leaked a large volume of Epik’s data. This comes after weeks of the company receiving warnings about weaknesses in its security systems.
Epik is a web host and domain registrar that provides its services to radical sites such as Gab, Parler, and 8chan. The hacking group was able to infiltrate Epik following an incident of being booted from conventional platforms. There was no information about how the attackers acquired the leaked data or when the actual attack happened. However, according to the timestamps that were released last, it is clear that the hack took place sometime during the month of February this year.
Leaked data and prior warnings
In a report spotted within a torrent file of the dumped data, the Anonymous group announced that up to 180GB worth of data was leaked, translating to almost ten years of company data. The hackers also highlighted that the data was so clear that it could easily be traced back to the web host company, all the way up to the management.
The Anonymous hacktivist collective revealed that the accessed and leaked data included customer payment histories, the company’s domain purchases and associated transfers, and passwords and private credentials, among other data contained within the mailboxes of individual employees.
The cache of the data accessed by Anonymous also featured files acquired from the internal web servers and databases, which also hold the records of customers for every domain signed up by Epik Web Host. While the web host came forward to inform reporters that the company was not aware of the infiltration, there was an email sent by the company’s founder and CEO to report an alleged security issue.
It has since become clear that Epik had received numerous warnings about vulnerabilities in its security system. The warnings came weeks before the attack from Corben Leo, a security researcher, who had attempted to inform the CEO Robert Monster through his LinkedIn account. In his message, Leo had asked whether Epik had a bug bounty or some other arrangement in place for reporting security flaws.
The security researcher revealed a vulnerability that had existed for almost ten years in a library used on the company’s WHOIS page to generate reports in PDF format. This mostly affected their public domain records, and it left the server exposed to anyone, who could run code internally without any authentication.
In his own words, Leo pointed out that “one could easily paste the line in code into the internal server and perform any command on the servers”. This came after he had personally run code as a proof of concept. The security researcher used the public-facing WHOIS page to command the server to show the username in use. Upon doing this, he received confirmation that it was indeed possible to run code on Epik’s internal servers. However, Leo did not find out what access the server had, because this would have been illegal and therefore punishable by law.
Vulnerabilities used by Anonymous
It is not known which vulnerability Anonymous took advantage of, or whether it was the one identified by Leo. While some of the illegally acquired caches had folders linked to Epik’s WHOIS system, Anonymous did not leave any contact information and was unavailable for comment.
Nonetheless, the security researcher remained firm in his belief: supposing a hacker had exploited the flaws he had identified, and the server could access the other servers run by the company, their databases and even systems running over the network, then it would have been possible to access the kind of data that the Anonymous hacktivist group had stolen from Epik early this year.
The CEO of Epik, Mr Corben Monster, confirmed that he had indeed received the warnings from Leo in his LinkedIn inbox. However, he was reserved about answering any questions after that, especially about security breaches and system vulnerabilities. In his defence, Mr Monster said that they get such alerts from different people, hence his decision to ignore it.
However, it is clear that the company will become more vigilant in the future, paying due importance to the hints or warnings given to them over any social platform. They would not leave anything to chance because of the lesson they learned from this dreadful attack by the dreaded Anonymous hacking group.