HIGH SEVERITY • Hosting • Domains

Epik Data Breach

Epik Domain Registrar Breach (2021): 15 Million Customer Records Including Purchase History Exposed via Anonymous

Domain registrar and web services company.

Verified by ObscureIQ Intelligence

Severity: 7.0
Records: 15.0M
Fields: 6
Year: 2021

ObscureIQ Breach Intelligence Scores
Breach Risk Index: 4.8
Data Value: 10
Market Recency: 40
Since Breach: 250 days

Risk Interpretation

High risk. Exposure can enable domain hijacking, phishing, account takeover, and targeted attacks against site owners. Domain ownership data also helps map organizations and politically sensitive operators.

🎯 Impact & Downstream Threats

In September 2021 hacktivists affiliated with Anonymous announced they had exfiltrated approximately 180 gigabytes of Epik data as part of Operation Jane — a campaign protesting Texas Senate Bill 8, the restrictive abortion law. The data, described as a decade's worth of records, included domain purchase histories, account credentials, payment histories, employee emails, and WHOIS registration data for domains hosted or registered through Epik. It was published through DDoSecrets. Epik initially

Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure

🔓 Threat Vectors

  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Lifestyle profiling & targeted fraud

📋 Breach Intelligence

Entity: Epik
Organization: Private Company • USA
Breach Date: 2021-09-13
Disclosure: 2021-09-20
DBC Added: 2025-08-20
Added Date: 2025-08-20
Records: ~15.0M (15,015,983 records)
Attack Vector: Misconfiguration
Threat Actor: Anonymous
Data Subjects: Customer: Direct
Breach Pathway: Direct
Source: Have I Been Pwned / DataBreach.com / ObscureIQ
Sensitivity: Standard
CA Reported: 2021-09-20
Breach ID: 460; 461
Status: Confirmed

📝 Executive Summary

Epik, a Washington state-based domain registrar known for hosting far-right and deplatformed websites, was breached by hacktivists affiliated with Anonymous as part of a campaign called Operation Jane, which protested Texas Senate Bill 8. Attackers exploited a server misconfiguration to exfiltrate approximately 180 gigabytes of data, later published through the transparency collective DDoSecrets. The leak was described as containing roughly a decade's worth of internal records.

Approximately 15 million individuals were affected, including many who were never Epik customers, because the company had stored large volumes of scraped WHOIS registration data, centralizing contact details that were technically public but not intended to exist in a single, searchable trove. Exposed data included names, email addresses, phone numbers, physical addresses, domain purchase histories, and payment records. Researchers reviewing the leaked files reported finding full credit card numbers, unencrypted passwords, and CVV codes, the three- or four-digit card security numbers that payment industry rules strictly prohibit storing.

For affected individuals, the risks extend beyond typical credential theft. Domain ownership records in the dump allow outside parties to map the operators of politically sensitive or extremist websites, creating potential for targeted harassment, doxxing, and retaliation. Anyone whose contact details appeared in Epik's WHOIS data, regardless of whether they knowingly used Epik, faces that exposure.

Epik initially denied that any breach had occurred before eventually acknowledging an incident. CEO Rob Monster had reportedly received a warning about a critical security vulnerability months earlier but dismissed it as spam. No significant regulatory action against Epik was publicly confirmed following the breach.
Affected individuals, particularly those who registered domains for sensitive or politically contentious projects, should treat their contact details as compromised and remain alert to phishing attempts, account takeover attacks, and targeted outreach from hostile actors.

🏢 About Epik

Epik is a Washington state-based domain registrar and web hosting company that gained notoriety for providing services to far-right, extremist, and deplatformed websites after mainstream providers refused to host them. Its client roster included Gab, Parler, 8chan, and various other platforms that had been removed from services like GoDaddy. CEO Rob Monster positioned Epik as a free speech-oriented host, describing the company as "the Swiss bank of the domain industry." The company continues to operate.

Company | Domain registration and web services | Domain registrar and hosting provider | USA
Private Company • USA • epik.com

🗂 Why They Hold Your Data

Domain registrars and hosting providers collect registrant identity, contact data, billing records, domain ownership details, support tickets, and infrastructure-linked account information.

📰 Recent Developments

Following the 2021 hack, Epik acknowledged serious security deficiencies and attributed vulnerabilities to outdated code from a previous development team. Rob Monster, Epik's founder, stepped back from day-to-day operations in subsequent years. The company has maintained a lower public profile while continuing to provide domain and hosting services. Its associations with far-right and extremist content hosts have continued to generate periodic media attention.

🔍 Data Points Exposed

6 verified field types:
  • Email
  • Phone Number
  • Name
  • Home Address
  • Physical addresses
  • Purchases

Exposure Categories

Location: PHYS ADDR

Canonical Fields

email_address, full_name, phone_number, physical_address, physical_address:home, transaction_history:purchase

🌐 Dark Web Verification

Confirmed
  • Dataset containing ~15.0M records identified in breach intelligence sources
  • Data indexed and searchable across breach notification platforms
  • Source: epik-2021;Epik Data Breach

🛡 Recommended Actions

⚠️ Do not assume this is low sensitivity.

1. Freeze Your Credit
   Place a credit freeze with Equifax, Experian, and TransUnion.
2. Expect Targeted Phishing
   Watch for emails referencing this breach. Verify through official channels.
3. Enable MFA Everywhere
   Enable multi-factor authentication on all accounts.
4. Monitor Accounts
   Watch for unauthorized activity on financial and personal accounts.
5. Check Your Exposure
   ObscureIQ clients: this breach is indexed in your profile.


ObscureIQ Advisory

We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.

If you are:
  • A public-facing individual
  • A high-profile executive
  • A customer of Epik
  • Or concerned about credential reuse

Classification Tags

Misconfiguration • Hosting • Domains • Email • Phone • Address
