Controversial Sammamish web-hosting company falls victim to ‘massive’ hack
Epik, a Sammamish-based hosting company known for its hosting of several controversial websites, was reportedly hacked last week.
Epik has often been viewed as a refuge for websites that have run afoul of their previous providers, having briefly hosted the likes of 8chan, the Daily Stormer, and the Texas Right to Life group, among others. While the company no longer hosts those sites, its recent hack — alleged to be the work of Anonymous — is being described by some as “a Rosetta Stone to the far-right,” according to a report from the Washington Post.
“It’s massive,” Elon University researcher Megan Squire told the Post. “It may be the biggest domain-style leak I’ve seen and, as an extremism researcher, it’s certainly the most interesting.”
The files taken and then subsequently leaked by hackers are said to include purchase records dating back years, internal Epik emails, credentials for customer accounts, and in some cases, the identities and other personal information of people running a handful of extremist websites. That included information on a prominent “Stop the Steal” organizer, who had attempted to conceal his role in running “dozens and dozens of websites calling the 2020 election stolen” following the Jan. 6 riot at the U.S. Capitol, according to the Daily Dot.
The hosting company initially denied knowledge of the hack, stating at first that it was “not aware of any breach.” Epik CEO Robert Monster later walked that back, admitting in a livestream that aired last week that there had indeed been “a hijack of data.”
The company last made headlines in early 2021 when Parler briefly registered its domain name with Epik, after Amazon Web Services kicked the social media platform off its own servers. AWS had cited a “steady increase” in troubling and potentially inciting content on Parler leading up to Jan. 6, with many of its users advocating for violence against opponents of then-President Donald Trump.
Epik later clarified that it had “no connection or discussions” with Parler, and that the platform’s domain registration had occurred as part of an unmonitored “automated” process.