Security Experts:

Connect with us

Hi, what are you looking for?



Controversial Web Host Epik Confirms Customer Data Exposed in Breach

Controversial web services provider Epik last week confirmed that sensitive information pertaining to its customers was stolen in a data breach.

Controversial web services provider Epik last week confirmed that sensitive information pertaining to its customers was stolen in a data breach.

During the incident, hackers were able to access non-public Epik servers that stored a backup copy of the company’s domain-side service accounts. The attack happened on or before September 13, 2021, Epik said in a notification letter to customers.

The attackers were able to access data such as names and addresses, phone and VAT numbers, email addresses, login credentials (usernames and passwords), domain ownership, transaction histories, and in some cases credit card information.

The company says it has retained cybersecurity firms to investigate the breach, while notifying law enforcement and the affected customers.

“At this time, we have secured access to our domain-side services and have applied additional security measures to help protect services and users going forward,” the company says.

Information Epik submitted to the Maine Attorney General’s office shows that 110,000 people were affected by the breach. The Washington Post says up to 38,000 credit card numbers were compromised in the incident.

Epik is known for providing web services to sites hosting extremist content, such as those advocating racism, hate speech, violence, and misinformation, and which have been rejected by other web services providers.

The attack was conducted by Anonymous hacktivists, who made public over 150 gigabytes of private data allegedly stolen from the web services provider. The leak is regarded as a boon for extremism researchers and political opponents.

Related: UK Minister Sorry Over Afghan Interpreters’ Data Breach

Related: Nokia-Owned SAC Wireless Discloses Data Breach

Related: IBM: Average Cost of Data Breach Exceeds $4.2 Million

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...