Epik Was Warned About A Large Security Flaw Before Its Data Leaked – Gizmodo

Picture: JOSEP LAGO/AFP (Getty Photographs)

Epik, the controversial internet registrar that incessantly comes under fire for internet hosting far-right teams and people, has had an immense quantity of its knowledge spilled onto the web in current days. The deluge, which reportedly consists of some 180 gigabytes of consumer registration and area info, fee historical past, account credentials and extra, seems to have been stolen throughout a hacking incident involving members of the hacktivist collective Nameless.

Now, a new report from TechCrunch appears to indicate that the corporate was warned a few doubtlessly massive safety flaw in its platform a number of weeks previous to the hack. 

Safety researcher Corben Leo says that he reached out to Epik’s CEO, Rob Monster, in January, to ask if Epik had a bug bounty program or one other approach to report the vulnerability. Monster apparently by no means replied. The hacking incident seems to have occurred roughly a month later, in response to shops who've considered the information.  TechCrunch reports:

Leo advised TechCrunch {that a} library used on Epik’s WHOIS web page for producing PDF studies of public area information had a decade-old vulnerability that allowed anybody to remotely run code straight on the inner server with none authentication, resembling an organization password.

“You may simply paste this [line of code] in there and execute any command on their servers,” Leo advised TechCrunch.

 » Read more from gizmodo.com