The EPIK hack is epic

We’re gonna need an entire thread devoted to this thing.
Now the first shocking revelation?

Epik’s “entire primary database,” which contains hosting account usernames and passwords, SSH keys, and even some credit card numbers—all stored in plaintext.

WTF. Who does that?!

A Linux engineer tasked with conducting an impact assessment on behalf of a client who uses Epik’s services told the Daily Dot that the breach was one of the worst he had ever seen. The engineer did not have permission to speak about the breach by his employer and was granted anonymity by the Daily Dot.

“They are fully compromised end-to-end,” they said. “Maybe the worst I’ve ever seen in my 20-year career.”

Just in case anyone is unfamiliar with it. EPIK is (was) the place Nazi’s, alt-right, and GOP went to get their stuff hosted when kicked off other platforms.

Ah. So nothing of value was lost, then?

Nope. Hopefully it takes some horrible people down.

a decade’s worth of data from the company” has been obtained, including all domain purchases, domain transfers, and unredacted website registration data that could shed light on individuals and groups behind extremist or hate sites.

“This dataset is all that’s needed to trace actual ownership and management of the fascist side of the Internet that has eluded researchers, activists, and, well, just about everybody,” the hacker boasted in announcing the attack.

Not even Enigma machine algorithm on the data, sad.

God, I thought maybe it was some game service like steam I might have bought a game off of once.

I’m just not up to date on which [EPIC | Epik] sells games and which is a right wing site.

So good news in retrospect! I’ll lowercase epic to reduce that kind of confusion :)

I thought it was a hospital system that I think goes by the same name. Much better to read what it actually is.

Lots of people. Still.

Yep that’s right. Our hospital systems all use “Epic” with a “c” as well.

I think that system is all over. That would be a massive hack if it ever happened.

The guy’s name is Robert Monster? REALLY?!

That Epic is huge, I know people who’ve worked for them

I want someone with more patience than me to comb through this big dataset and start providing names and such.

If this part is true, those guys were real idiots. This doesn’t make a lot of sense unless they were so cheap they did not hire a single person who knew the slightest thing about security:

The pool of available applicants is probably pretty small.

You know, if such data was easily accessible to me, well, I’m the kind of guy who will download and run various data transformations on CDC data, census bureau data, who on a whim would download both and cross reference them to find an approximate ratio of GOP to Dem voters being infected and dying of Covid on a whim because I found Neal DeGrasse Tysons simplistic 5x answer unsatisfying and wanted to do a better quantitative analysis for myself.

But I would also see things I would be happier not seeing, such as the depths of depravity and hatred of the far right and, ugh.

Still would I do a search to cross reference all names stored with a list of current GOP politicians in the house and senate? Yeah, maybe.

I’d give that better than even odds.

This is a very common theme for the far right. Except you can expand it to really anything, not just security.

After the fail of the Panama Papers (it was, right?), I’m not sure pulling the data apart is going to do much.

I mean, so far, no real news coverage other than a few tech/nerd sites. I’m gonna guess this turns out to be not much.