On September 13, Epik, a known domain registrar, was allegedly breached by Anonymous hacktivists, who leaked over 150 GB of stolen data online.
The news took the company by surprise. In an initial statement, Epik said it was not aware of any breach. However, on September 18, the hosting company tweeted a security notice.
“On September 15, we confirmed that certain customer account information for our domain-related systems was accessed and downloaded by unauthorized parties,” Epik said.
As it turns out, the leaked data also contained over 15 million email addresses from both Epik customers and non-customers.
It appears that the online service provider scraped WHOIS public domain records, storing contact information of individuals who had never been in direct contact with Epik.
According to an Ars Technica analysis, the leaked WHOIS data file contained 16 GB of non-customer information, including emails, IP addresses, domains, physical addresses and phone numbers.
While anyone with access to a computer could have scraped WHOIS data, the bulk of the information could be exploited by threat actors to target individuals with no affiliation whatsoever to Epik.
Earlier this week, Epik started emailing a security notice urging impacted individuals to watch out for unusual activity on their accounts.
Although no credit card or password information is known to have been compromised, the company advises maximum caution.
“We are taking an approach toward maximum caution and urging customers to remain alert for any unusual activity they may observe regarding their information used for our services – this may include payment information including credit card numbers, registered names, usernames, emails, and passwords,” Epik’s email notice reads.
The company has not confirmed whether credit card information and passwords were also compromised. However, it encourages customers to “contact any credit card companies that you used to transact with Epik and notify them of a potential data compromise to discuss your options with them directly.”
Vigilance, monitoring and security checks
Users and non-users should take proactive measures to protect their information and monitor their accounts for suspicious activity.
Epik customers should change their passwords and continue to monitor financial accounts. Since non-customer data was leaked, individuals should keep a close eye on their inboxes for phishing emails and spam, as well as on DMs on social media and texts. It’s also a good idea to review any online accounts where you might have overshared information, deleting any additional and non-required data.
For more details on how to protect your data in the aftermath of a data breach, go here.
Are you a data breach victim? Time to find out with Bitdefender’s Digital Identity Protection. Take control of your digital identity with ongoing data breach monitoring for up to five email addresses and alerts to help you control and minimize possible side effects. On top of continuous tracking of leaked personal information in legal and illegal collections, you get expert recommendations on how to fix security issues and even alerts on fake online profiles that may have been set up using your info.