The hacking collective Anonymous last week claimed to have stolen and leaked reams of data held by Epik, a website hosting firm popular with far-right organizations like the Proud Boys.
The more than 150 gigabytes of data swept up in the breach shine a light on years of online activities from far-right groups, including those who tried to overturn the 2020 presidential election. While researchers are still sifting through the data, Epik has historically provided web hosting services to an array of conspiracy theorists, and for conservative media networks like Parler and Gab.
The breach also undercuts Epik’s pledge to customers that it can safeguard their anonymity, no matter what dangerous conspiracy theories they spread online. For that reason, experts told CNN the hack could have repercussions for how far-right groups organize and try to protect themselves online.
“A breach like this will force some of these actors to find security providers outside of North America to possibly step up their security game,” Gabriella Coleman, a professor of anthropology at Harvard University, told CNN. Coleman said the data dump “confirmed a lot of the details of the far-right ecosystem.”
Emily Crose, a cybersecurity analyst who studies online extremism, said the breach “will be another factor causing paranoia among far-right communities online.” Crose said those groups already feel like they’re under surveillance, given their violent attempts to overturn the 2020 presidential election.
Emma Best, co-founder of Distributed Denial of Secrets, a non-profit that itself has published hacktivist data, said researchers could be poring over the Epik leaks for months for clues into how different people and far-right organizations are linked.
The breach was first reported by freelance journalist Steven Monacelli.
In a statement to CNN on Tuesday night, Epik said the information that Anonymous released included data on 15 million people that was already public.
“Epik has been a trusted resource for many years and our highest priority will always be security and privacy,” the firm said.
Epik said in a statement last week that it had “deployed multiple cyber security teams” to remediate the breach. The company, which is based in the Seattle area, tried to assure customers that “our highest priority will always be your security and privacy.”
Troy Hunt, an Australian cybersecurity consultant, said numerous people who are not Epik customers also had their data compromised in the hack. That’s because Epik has apparently been collecting third-party data that is publicly available on the internet, according to Hunt.
Hunt, who runs a service that informs people if their email addresses have been exposed in data breaches, told CNN that about 100,000 of his subscribers had been affected by the Epik hack.
“It’s a very salacious, messy situation,” Hunt said. “Amongst all this, there’s a whole bunch of people” who still haven’t been notified that their information was compromised, he added.
This story has been updated with a statement from Epik.
CORRECTION: This story has been corrected to accurately reflect a quote from Gabriella Coleman.