More on the Hack
A Linux engineer tasked with conducting an impact assessment on behalf of a client who uses Epik’s services told the Daily Dot that the breach was one of the worst he had ever seen. The engineer did not have permission to speak about the breach by his employer and was granted anonymity by the Daily Dot.
“They are fully compromised end-to-end,” they said. “Maybe the worst I’ve ever seen in my 20-year career.”
The engineer pointed the Daily Dot to what they described as Epik’s “entire primary database,” which contains hosting account usernames and passwords, SSH keys, and even some credit card numbers—all stored in plaintext.
The data also includes Auth-Codes, passcodes that are needed to transfer a domain name between registrars. The engineer stated that with all the data in the leak, which also included admin passwords for WordPress logins, any attacker could easily take over the websites of countless Epik customers.
“They are fully compromised end-to-end,” they said. “Maybe the worst I’ve ever seen in my 20-year career.”
The engineer pointed the Daily Dot to what they described as Epik’s “entire primary database,” which contains hosting account usernames and passwords, SSH keys, and even some credit card numbers—all stored in plaintext.
The data also includes Auth-Codes, passcodes that are needed to transfer a domain name between registrars. The engineer stated that with all the data in the leak, which also included admin passwords for WordPress logins, any attacker could easily take over the websites of countless Epik customers.
Comment