Hacker group Anonymous has reportedly released a massive database of names, passwords, and addresses of right-wing web administrators, with some likening the documents to the Panama Papers leaked in 2016.
The cyber intrusion was targeted at Epik, a Washington-based domain registrar that is known to host right-wing websites, many of whom were muzzled by mainstream web hosting services. Epik has hosted several controversial sites such as 8chan and The Daily Stormer, aside from alternative social media platforms Gab and Parler.
What is Epik? Parler social network moves to right-wing web-hosting firm, sues Amazon for cutting off services
Anonymous, the most secretive hacking group, has made a name for itself over the years by targeting ISIS and CIA
Computer experts believe the vast data leak could take years to scour through. “It’s massive. It may be the biggest domain-style leak I’ve seen and, as an extremism researcher, it’s certainly the most interesting,” Elon University computer science professor Megan Squire told the Washington Post. “It’s an embarrassment of riches – stress on the embarrassment.” The data breach was first brought to light by freelance reporter Steven Monacelli on September 13.
Who owns Epik?
Epik was founded in 2009 by Dutch-American technology executive Rob Monster, who has long advocated to keep the internet free and open. Born in 1966 to a Dutch American family, Monster grew up in Philadelphia, Pennsylvania, and went on to earn his bachelor’s degree and MBA at Cornell University. In 2007, Monster became a devout Christian. He is married to naturopath Jill Monster and they have five children together. Monster, who now serves as CEO of Epik, has fervently defended hosting controversial websites that have been refused by other web hosts, maintaining that the company is committed to protecting “lawful free speech.”
That said, the data leak exposed the lackluster cybersecurity undergirding Epik. Anonymous hacked into their systems and made the data available for download, claiming it would help expose the ownership and management of “the worst trash the Internet has to offer.” According to the Daily Dot, the files include years of purchase records, internal details, customer credentials meant to out right-wing web administrators. The data reportedly also includes details like client names, home addresses, email addresses, phone numbers, and passwords.
One of those affected was Black conservative pundit Ali Alexander, who created the ‘Stop the Steal’ website days before the January 6 Capitol riot. According to an analysis by the Daily Dot, several domains from the leak were directly tied to the right-wing activist.
NEW: Days after the Capitol riot, ‘Stop the Steal’ founder Ali Alexander was racing to hide his ownership of over 100 websites.
But Ali used a domain privacy service from Epik, which was just recently hacked.
Here are the websites Ali tried to hide https://t.co/VMOuMcmlx5
— Mikael Thalen (@MikaelThalen) September 20, 2021
Emma Best, the co-founder of whistleblower group Distributed Denial of Secrets, likened the 2016 leak to the Panama Papers, which included more than 11 million documents from Panamanian law firm Mossack Fonseca that exposed where the wealthy stashed their money. “A lot of research begins with naming names,” she told the Washington Post. “There’s a lot of optimism and feeling of being overwhelmed, and people knowing they’re in for the long haul with some of this data.”
Monster broadcast an email to his customers two days after the hackers announced the breach, explaining that the company had fallen victim to an “alleged security incident” and asking clients to report any “unusual account activity.”
“You are in our prayers today,” Monster wrote last week. “When situations arise where individuals might not have honorable intentions, I pray for them. I believe that what the enemy intends for evil, God invariably transforms into good. Blessings to you all.” The Epik CEO also addressed the leak in a live stream last week. “If you have a negative intent to use that data, it’s not going to work out for you,” he said. “I’m just telling you. If the demon tells you to do it, the demon is not your friend.”
It’s worth noting that the Federal Trade Commission has previously enforced financial penalties on firms that failed to adequately protect their customers. Adult dating website Ashley Madison was forced to pay $1.6 million to settle an FTC investigation following a major 2015 data breach that exposed its customer’s identities, many of whom were having extramarital affairs.
“Given Epik’s boasts about security, and the scope of its Web hosting, I would think it would be an FTC target, especially if the company was warned but failed to take protective action,” former FTC consumer protection bureau chief David Vladeck told the Post. “I would add that the FTC wouldn’t care about the content – right-wing or left-wing; the questions would be the possible magnitude and impact of the breach and the representations … the company may have made about security.”