In the wake of the recent hack of domain registrar and hosting company Epik, Tech Crunch is reporting that a critical flaw in its software infrastructure was exposed several weeks before the hack took place.
From Tech Crunch:
In a statement attached to a torrent file of the dumped data this week, the group said the 180 gigabytes amounts to a “decade’s worth” of company data, including “all that’s needed to trace actual ownership and management” of the company. The group claimed to have customer payment histories, domain purchases and transfers, and passwords, credentials and employee mailboxes. The cache of stolen data also contains files from the company’s internal web servers, and databases that contain customer records for domains that are registered with Epik.
Epik initially told reporters it was unaware of a breach, but an email sent out by founder and chief executive Robert Monster on Wednesday alerted users to an “alleged security incident.” However, TechCrunch has since learned that Epik was warned of a critical security flaw weeks before its breach.
Security researcher Corben Leo contacted Epik’s chief executive Monster over LinkedIn in January about a security vulnerability on the web host’s website. Leo asked if the company had a bug bounty or a way to report the vulnerability. LinkedIn showed Monster had read the message but did not respond.