Epik’s massive data breach is already affecting lives. Today the Washington Post describes a real estate agent in Pompano Beach who urged buyers on Facebook to move to “the most beautiful State.” His name and personal details “were found on invoices suggesting he had once paid for websites with names such as racisminc.com, whitesencyclopedia.com, christiansagainstisrael.com and theholocaustisfake.com.” The real estate brokerage where he worked then dropped him as an agent. The brokerage’s owner told the Post they didn’t “want to be involved with anyone with thoughts or motives like that.”
“Some users appear to have relied on Epik to lead a double life,” the Post reports, “with several revelations so far involving people with innocuous day jobs who were purportedly purveyors of hate online.”
Epik, based outside Seattle, said in a data-breach notice filed with Maine’s attorney general this week that 110,000 people had been affected nationwide by having their financial account and credit card numbers, passwords and security codes exposed…. Heidi Beirich, a veteran researcher of hate and extremism, said she is used to spending weeks or months doing “the detective work” trying to decipher who is behind a single extremist domain. The Epik data set, she said, “is like somebody has just handed you all the detective work — the names, the people behind the accounts…”
Many website owners who trusted Epik to keep their identities hidden were exposed, but some who took additional precautions, such as paying in bitcoin and using fake names, remain anonymous….
Aubrey “Kirtaner” Cottle, a security researcher and co-founder of Anonymous, declined to share information about the hack’s origins but said it was fueled by hackers’ frustrations over Epik serving as a refuge for far-right extremists. “Everyone is tired of hate,” Cottle said. “There hasn’t been enough pushback, and these far-right players, they play dirty. Nothing is out of bounds for them. And now … the tide is turning, and there’s a swell moving back in their direction.”
Earlier in the week, the Post reported: Since the hack, Epik’s security protocols have been the target of ridicule among researchers, who’ve marveled at the site’s apparent failure to take basic security precautions, such as routine encryption that could have protected data about its customers from becoming public… The hack even exposed the personal records from Anonymize, a privacy service Epik offered to customers wanting to conceal their identity.