We’re gonna need an entire thread devoted to this thing.
Now the first shocking revelation?
Epik’s “entire primary database,” which contains hosting account usernames and passwords, SSH keys, and even some credit card numbers—all stored in plaintext.
WTF. Who does that?!
A Linux engineer tasked with conducting an impact assessment on behalf of a client who uses Epik’s services told the Daily Dot that the breach was one of the worst he had ever seen. The engineer did not have permission to speak about the breach by his employer and was granted anonymity by the Daily Dot.
“They are fully compromised end-to-end,” they said. “Maybe the worst I’ve ever seen in my 20-year career.”