Controversial web services provider Epik last week confirmed that sensitive information pertaining to its customers was stolen in a data breach.
During the incident, hackers were able to access non-public Epik servers that stored a backup copy of the company’s domain-side service accounts. The attack happened on or before September 13, 2021, Epik said in a notification letter to customers.
The attackers were able to access data such as names and addresses, phone and VAT numbers, email addresses, login credentials (usernames and passwords), domain ownership, transaction histories, and in some cases credit card information.
The company says it has retained cybersecurity firms to investigate the breach, while notifying law enforcement and the affected customers.
“At this time, we have secured access to our domain-side services and have applied additional security measures to help protect services and users going forward,” the company says.
Information Epik submitted to the Maine Attorney General’s office shows that 110,000 people were affected by the breach. The Washington Post says up to 38,000 credit card numbers were compromised in the incident.
Epik is known for providing web services to sites hosting extremist content, such as those advocating racism, hate speech, violence, and misinformation, and which have been rejected by other web services providers.
The attack was conducted by Anonymous hacktivists, who made public over 150 gigabytes of private data allegedly stolen from the web services provider. The leak is regarded as a boon for extremism researchers and political opponents.
Related: UK Minister Sorry Over Afghan Interpreters’ Data Breach
Related: Nokia-Owned SAC Wireless Discloses Data Breach
Related: IBM: Average Cost of Data Breach Exceeds $4.2 Million