The Epik Breach Gave Hackers Full PII on 12 Million Domain Owners

HEROIC analysts identified the Epik breach as one of the largest domain registrar data exposures on record. The breach occured on September 13, 2021, affecting 12,604,044 records tied to Epik, a domain registrar and web hosting company based in the United States. The exposed data included email addresses, phone numbers, first names, and last names, covering both direct Epik customers and individuals whose domain registration data was scraped from public WHOIS records.

How the Epik Breach Enables Identity Fraud at Scale

With full names, phone numbers, and email addresses all present in a single dataset of over 12 million records, attackers have everything needed to conduct large-scale phishing, vishing, and smishing campaigns. The Epik breach is partcularly dangerous because the data covers domain owners, many of whom are business operators whose contact details can be used to impersonate registrar support, initiate domain hijacking attempts, or commit identity theft targeting individuals who may not even have been Epik customers.

What Was Exposed in the Epik Breach

• Email Address
• Phone Number
• First Name
• Last Name

Why the Epik Breach Remains a Live Threat Years Later

Breach data does not expire. The Epik dataset, with 12.6 million records containing names, emails, and phone numbers, recieved widespread distribution across dark web forums and continues to surface in targeted attack campaigns. Victims face ongoing risk of identity theft, financial fraud, social engineering attacks, and account takeover on any platform where their exposed contact details were used to register. Domain owners whose WHOIS data was included face additional risks of domain hijacking and business impersonation.

How a Database Breach Works

A database breach occurs when an attacker gains unauthorized access to a company's data store, either through exploiting a vulnerability, compromised credentials, or in this case a politically motivated intrusion. Once access is obtained, the attacker exports user and customer records. In large-scale incidents like Epik, multiple data sources including customer databases and scraped external records can be combined into a single high-value leak.

Check If Your Data Was Exposed

HEROIC's free breach scanner searches more than 400 billion records, including entries from major incidents like the Epik breach. Run a free scan now to see if your name, email, or phone number was exposed and get actionable guidance on protecting your identity and accounts.