Epik breach includes 15 million email addresses belonging to unaffiliated individuals

Published 9/29/21, 9:00am

The recent attack on Epik, a domain name registrar and web hosting service, resulted in the leak of 180 GB of data belonging to customers and systems—a “decade’s worth of data from the company,” according to the hackers. Customers of Epik include 8chan, a forum with a reputation for lax community guidelines and frequent threads promoting mass shootings, hate crimes, and white supremacism.

Recent additional details on the breach suggest that another 15 million unique email addresses from individuals that were both affiliated and unaffiliated with Epik were also captured. The email addresses had been scraped and stored by Epik from “WhoIs” queries from other domain name registrars. This email data also includes names, phone numbers, physical addresses, purchases, and passwords. Some unaffiliated victims are expressing concerns that they could be falsely portrayed as having an affiliation with Epik, suggesting that they may take legal action against Epik for harvesting and storing data on non-customers.

Next Steps

Individuals affected by the Epik breach are advised to change their passwords and contact any credit card companies to notify them that personal credit information may have been compromised. Victims are also being advised to watch out for phishing emails and banking scams.