The hacker collective Anonymous has reportedly published new data from the controversial web hosting company Epik.
In a press release on Tuesday, the hacktivist group announced what it has referred to as “The / b / Sides” or part two of “Operation EPIK FAIL”.
Anonymous took out credit Earlier this month for violating Epik, which is known to host far-right websites like Gab, Parler, and TheDonald, before releasing a 180GB cache of the domain registrar’s data. The hack affected more than 15 million people and revealed names, physical addresses, passwords, credit card numbers, emails, and more.
Now the hacktivist collective says it leaked “multiple bootable disk images from different systems” in a roughly 70 GB torrent file.
“[Y]You didn’t think we had complete command of epic and just ran away with a couple of databases and a system folder or two, did you? ”The press release said. “We’re anonymous. Bending as hard as possible is the way we do a barrel roll (press Z or R twice!).”
WhiskeyNeon, a Texas-based hacker and cybersecurity expert who checked the file structure of the leak, told the Daily Dot how the disk images represented Epik’s entire server infrastructure.
“Files are one thing, but a virtual machine disk image allows you to power up the entire corporate server yourself,” he said. “We usually see vulnerabilities in database dumps, documents, configuration files, etc. In this case, we’re talking about the entire server image with all of the programs and files required to host the application.”
The data includes API keys and clear text credentials not only for Epik’s system, but also for Coinbase, PayPal and the company’s Twitter account.
After the first leak, Epik initially denied having knowledge of a violation before later admitting that it was “an alleged security incident”.
Epik CEO Rob Monster, who did not respond to requests for comment from the Daily Dot, would hold a live video conference online for more than four hours to address the initial hack. During the meeting, Monster burst into prayers several times, attempted to defeat demons, and warned viewers that their hard drives could go up in flames due to “curses” on the hacked data.
Monster admitted during the call that an unknown person tried to steal $ 100,000 after getting his Coinbase API key.
The leak would expose everything from right-wing domains attacked with subpoenas and attempts by Conservative Ali Alexander to hide his connections to conspiracy websites for election fraud following the January 6th Capitol Riot.
The second Epik data leak comes just days after the Oath Keepers militia, a group that began using Epik’s services in January, was also allegedly hacked. The paramilitary group’s emails, internal chats, and information about members and donors, including those who work for the US government and the military, would be exposed.
Read more about the far right
* First published: 09/29/2021, 2:55 p.m. CDT
Mikael Thalen is a Seattle-based tech and security reporter covering social media, privacy breaches, hackers, and more.