Epik 2021 Data Breach

Epik Domain Registrar Breach (2021): 15 Million Customer Records Including Purchase History Exposed via Anonymous | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Anonymous · Misconfiguration · Hosting · Domains · Email Address · Full Name · Phone Number · Physical Address · Transaction History
Moderate Severity · Website / service breach

Domain registrar and web services company.

Verified by ObscureIQ Intelligence
Breach Risk Index: 48/100
Data Value: 10
Market Recency: 40
Since Breach: 250d

Breach Intelligence Summary

Entity: Epik · Actor: Anonymous · Sources: 4 references
Attack: Misconfiguration
Profile: Company · Domain registration and web services · Domain registrar and hosting provider · USA
Timeline: Breach (2021-09-13) · Indexed (Aug 20, 2025) · Year (2021)
Exposure: 15.0M records · 5 fields: Email Address, Full Name, Phone Number, Physical Address, Transaction History
Status: Confirmed

Executive Summary

Epik, a Washington state-based domain registrar known for hosting far-right and deplatformed websites, was breached by hacktivists affiliated with Anonymous as part of a campaign called Operation Jane, which protested Texas Senate Bill 8. Attackers exploited a server misconfiguration to exfiltrate approximately 180 gigabytes of data, later published through the transparency collective DDoSecrets. The leak was described as containing roughly a decade's worth of internal records.

Approximately 15 million individuals were affected, including many who were never Epik customers, because the company had stored large volumes of scraped WHOIS registration data, centralizing contact details that were technically public but not intended to exist in a single, searchable trove. Exposed data included names, email addresses, phone numbers, physical addresses, domain purchase histories, and payment records. Researchers reviewing the leaked files reported finding full credit card numbers, unencrypted passwords, and CVV codes, the three- or four-digit card security numbers that payment industry rules strictly prohibit storing.

For affected individuals, the risks extend beyond typical credential theft. Domain ownership records in the dump allow outside parties to map the operators of politically sensitive or extremist websites, creating potential for targeted harassment, doxxing, and retaliation. Anyone whose contact details appeared in Epik's WHOIS data, regardless of whether they knowingly used Epik, faces that exposure.

Epik initially denied that any breach had occurred before eventually acknowledging an incident. CEO Rob Monster had reportedly received a warning about a critical security vulnerability months earlier but dismissed it as spam. No significant regulatory action against Epik was publicly confirmed following the breach.

Affected individuals, particularly those who registered domains for sensitive or politically contentious projects, should treat their contact details as compromised and remain alert to phishing attempts, account takeover attacks, and targeted outreach from hostile actors.

ObscureIQ assessment: High risk. Exposure can enable domain hijacking, phishing, account takeover, and targeted attacks against site owners. Domain ownership data also helps map organizations and politically sensitive operators.

Breach Impact

In September 2021 hacktivists affiliated with Anonymous announced they had exfiltrated approximately 180 gigabytes of Epik data as part of Operation Jane — a campaign protesting Texas Senate Bill 8, the restrictive abortion law. The data, described as a decade's worth of records, included domain purchase histories, account credentials, payment histories, employee emails, and WHOIS registration data for domains hosted or registered through Epik. It was published through DDoSecrets. Epik initially denied any breach had occurred. When CEO Rob Monster publicly addressed the incident, he did so via a chaotic four-hour video prayer session — widely described by journalists as one of the strangest corporate responses to a security incident on record — during which he warned participants the stolen data was "cursed" and recited prayers to ward off demons. A security researcher had reported a critical remote code execution vulnerability to Monster months before the breach; Monster later acknowledged he had mistaken the message for spam. The exposure of customer registration data for extremist and far-right websites allowed researchers and journalists to trace connections among operators of such sites — an outcome the hacktivists had explicitly intended.

About Epik

Epik is a Washington state-based domain registrar and web hosting company that gained notoriety for providing services to far-right, extremist, and deplatformed websites after mainstream providers refused to host them. Its client roster included Gab, Parler, 8chan, and various other platforms that had been removed from services like GoDaddy. CEO Rob Monster positioned Epik as a free speech-oriented host, describing the company as "the Swiss bank of the domain industry." The company continues to operate.

Why They Hold Your Data

Domain registrars and hosting providers collect registrant identity, contact data, billing records, domain ownership details, support tickets, and infrastructure-linked account information.

Recent Developments

Following the 2021 hack, Epik acknowledged serious security deficiencies and attributed vulnerabilities to outdated code from a previous development team. Rob Monster, Epik's founder, stepped back from day-to-day operations in subsequent years. The company has maintained a lower public profile while continuing to provide domain and hosting services. Its associations with far-right and extremist content hosts have continued to generate periodic media attention.

Data Points Exposed

5 verified field types:
  • Email Address
  • Full Name (High)
  • Phone Number
  • Physical Address (High)
  • Transaction History (High)

Exploitation & Downstream Threats

Threat Activity: High
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Lifestyle profiling & targeted fraud

Threat Actor: Anonymous

Attribution and method are based on available breach intelligence. Reported attack vector: Misconfiguration.

Recommended Actions

If you believe your information may be included:

  • Enable MFA Everywhere: Turn on multi-factor authentication on email first, then financial accounts.
  • Report & Recover: If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Epik breach?

Epik, a Washington state-based domain registrar known for hosting far-right and deplatformed websites, was breached by hacktivists affiliated with Anonymous as part of a campaign called Operation Jane, which protested Texas Senate Bill 8. Attackers exploited a server misconfiguration to exfiltrate…

What data was exposed?

Verified fields include Email Address, Full Name, Phone Number, Physical Address, Transaction History.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

  • DataBreach.com (Breach Index): Record & field corroboration
  • Have I Been Pwned (Breach Index): Record & field corroboration
  • BreachForums_Official_Index (Cross-source): Independent catalogue listing
  • ObscureIQ proprietary analysis (ObscureIQ Intelligence): Risk Index scoring & downstream-threat assessment
