alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[bmugford]

Makes no sense....

2hrs ago..

https://twitter.com/x/status/1439224134878310405

43 min ago...

https://twitter.com/x/status/1439264079290507270

Cybersecurity, brought to you by thoughts and prayers.

I don't know about you, but I would rather have qualified people in the role.

Epik has still basically taken no responsibly in their failure to safeguard customer's data. Not only that, they just seem to be ignoring how complete and disastrous this hack was in the first place.

https://www.wired.com/story/anonymous-leaked-data-from-right-wing-web-host-epik/

Ignore, deflect, blame is not going to work.

At this point, how could even the biggest Epik supporters feel comfortable with their response? They are basically leaving customers out there on their own with no further information or guidance on what they should be doing.

Brad

 

[Start]

Hmm. What is going on there?

Brad

Maybe it's junk domains in lower quality TLDs that were registered for like 99cents last year. I've seen a lot of junk domains in their Daily Diamonds.

Even right now, there are dozens of domains like this:

livelyaboulevard.xyz

that will be in redemption in a few days.

 

[oldtimer]

In my opinion everyone here is overreacting to this situation.

Hackers have different motives for doing what they do.

Some are motivated by financial gains and some are motivated by ideology and politics. And some just want to monitor certain companies and organizations and never reveal that they have hacked their systems which could go on for years without anyone noticing and could be harmless if done by friendlies or very harmful if done by hostile adversaries.

But, hacktivists always have to be able to present some justification for their actions as to not be considered terrorists or saboteurs and spies by the Authorities because although they might be anonymous to the general public, but they are not so anonymous to the those who are in the know.

In my opinion the motive here has been more to punish rather than to destroy hence the fact that hackers have gone out of their way to protect most credit card and password info.

I don’t believe that the average innocent customer should worry too much about their credit cards or domains and should not have any fear of losing anything. Although if you are the kind of person who enjoys inflicting pain onto others then you probably need to be a little scared.

I am very optimistic that Epik can get back on their feet once they have reevaluated their whole company strategy and changed how and with whom they are doing business with.

IMO

No further comments.

 

[bmugford]

Maybe it's junk domains in lower quality TLDs that were registered for like 99cents last year. I've seen a lot of junk domains in their Daily Diamonds.

Even right now, there are dozens of domains like this:

livelyaboulevard.xyz

The math doesn't seem to work out. Almost half their total registered domains are junk and deleting?

https://domainnamestat.com/statistics/registrar/Epik_Inc_-IANA_ID-617

Registered domains 612,936
Global market share 0.12%
Signed zones 19,548
Upcoming deletes 279,329 (45.57%)

If you look at more detail the only extensions that show substantial registration volume (above 20k) are -

COM - 327,803
CO - 151,131
ORG - 26,307
INFO - 25,646

Something is not adding up.

Brad

 

[bmugford]

In my opinion everyone here is overreacting to this situation.

Hackers have different motives for doing what they do.

Some are motivated by financial gains and some are motivated by ideology and politics. And some just want to monitor certain companies and organizations and never reveal that they have hacked their systems which could go on for years without anyone noticing and could be harmless if done by friendlies or very harmful if done by hostile adversaries.

But, hacktivists always have to be able to present some justification for their actions as to not be considered terrorists or saboteurs and spies by the Authorities because although they might be anonymous to the general public, but they are not so anonymous to the those who are in the know.

In my opinion the motive here has been more to punish rather than to destroy hence the fact that hackers have gone out of their way to protect most credit card and password info.

I don’t believe that the average innocent customer should worry too much about their credit cards or domains and should not have any fear of losing anything. Although if you are the kind of person who enjoys inflicting pain onto others then you probably need to be a little scared.

I am very optimistic that Epik can get back on their feet once they have reevaluated their whole company strategy and changed how and with whom they are doing business with.

IMO

No further comments.

Overreacting? To what appears to be one of the most complete data breaches?
One that seems to involve a lot of poor security practices by Epik.

Gee, that is really reassuring that the hackers have decided to not inflict maximum damage on the customers, though they could if they wanted. That is the point.

I am not sure how anyone could feel comfortable with this company after Epik's (lack of) response to the situation.

Brad

 

[Future Sensors]

https://www.troyhunt.com/weekly-update-261/

Weekly Update 261

Never a dull moment! [...] A few other random things in this weeks vid, the one worth following up on here though is the promised tweet about how to handle the Epik breach and the result so far is, well, let's just say I think I nailed the public sentiment in the video [...]​

 

[johnn]

Overracting? Epik fans should open their eyes for the way they treat the customers.
No posting no update nothing for days the only thing he cares is spamming new registration for $6.99 and praying?

He is not a normal/regular employee, he is the CEO.
Give me a break.

 

[Altetra]

I have read the whole thread.
Steps to be taken if you are with Epik.

1. change password
2. add 2FA
3. set limits to your CC

Also do you really think those hackers Aubrey and Kirtaner will get out dry? If they will touch peoples money many arrests will happen, FBI will get them in their basements and get their weed out of their empty heads!

 

[Jurgen Wolf]

See comparable registrar: https://domainnamestat.com/statistics/registrar/Porkbun_LLC-IANA_ID-1861

Upcoming deletes 4,046 (0.55%)

 

[kam]

praying?

Believe in god and you will not be conquered by fear but love conquers all.

 

[bmugford]

See comparable registrar: https://domainnamestat.com/statistics/registrar/Porkbun_LLC-IANA_ID-1861

Upcoming deletes 4,046 (0.55%)

Again, something is not adding up here.

Brad

 

[johnn]

Believe in god and you will not be conquered by fear but love conquers all.

You don't open the business, mess up the customers and pray.

 

[Jurgen Wolf]

And Porkbun as of now has ~37K .xyz and 10K .TOP
So issue is definitely not with those TLDs.

 

[DN_Hunter]

Has anyone been able to Transfer OUT using the APPROVE TRANSFER button? Right now when I hit the APPROVE Transfer button, I get a message that says
"Currently approve is not available"

I emailed EPIK support, and they replied with the following:

======================================================
For security reasons, domain transfer approval has been disabled.

If you may provide us your Epik Account PIN # as well as the 2 domains, we'll get this done for you.
=====================================================

So I provided the information they requested. Hope they can move the transfers along ASAP.

 

[Jurgen Wolf]

It is not mandatory to approve it immediately.
Transfer will be approved/finished automatically on 6th day. It is pending at REGISTRY level...

 

[dirk]

Hmm. What is going on there?

Brad

Regarding the deletes coming up. They ran some good promos, $1 .co, $1.99 info, $1.99 .realty if not mistaken past year.

Most of them are obviously not going to be renewed.

Regarding transfers, @Bob Hawkes in the other thread:

It seems that the auth code for transfer is no longer available directly from site, but only via email (a change from the past). Other registrars I deal with some you can get codes from site, and others only via admin email. In past Epik allowed both. Clearly only email a bit more secure, but immediately on site is more convenient.

Also, at least for me this morning, it does not allow fast approval via the email link (it asks me if I want to approve, but says approval is not allowed at this time). I did not check with customer service if there are ways around this, it is something temporary, or something particular to my transfer (I was just transferring one name, and don't mind if I do end up needing to wait the 5d).

I have 100+ names at Epik, I do not have immediate plans to move most out, will wait and see details and the response. I use 10 different registrars, with most on 4, so it is not like all my names at any registrar.

 

[topdom]

https://domainnamestat.com/statistics/registrar/Epik_Inc_-IANA_ID-617

Upcoming deletes 279,329 (45.57%)

It could mean 14 months ago there was a big discount for registrations. For example, ~1 USD for .co, .info, .xyz, .top .

 

[Jurgen Wolf]

They ran some good promos, $1 .co, $1.99 info, $1.99 .realty if not mistaken past year.

Yes, but they don't have such HUGE volume in these TLDs.
See numbers above...

 

[Beezy]

1. | (substring_index(domain,'.',-1)) | count(*) |
2. +----------------------------------+----------+
3. | COM | 837124 |
4. | co | 154727 |
5. | TOP | 72803 |
6. | XYZ | 53484 |
7. | NET | 50892 |
8. | info | 46693 |
9. | ORG | 34105 |
10. | LONDON | 28444 |
11. | CITY | 23040 |
12. | BOSTON | 17011 |
13. | realty | 16287 |
14. | us | 15428 |
15. | IN | 13869 |
16. | VC | 9400 |
17. | ICU | 6199 |
18. | FIT | 6047 |
19. | WEDDING | 5839 |
20. | WORK | 5744 |
21. | FASHION | 5475 |
22. | IT | 4740 |
23. | best | 4711 |
24. | GDN | 3825 |
25. | LAW | 3582 |
26. | UK | 3297 |
27. | BIZ | 3100 |
28. | TV | 2940 |
29. | NL | 2817 |
30. | EXPERT | 2163 |
31. | BAYERN | 2000 |
32. | MIAMI | 1898 |
33. | ME | 1885 |
34. | ca | 1734 |
35. | CLICK | 1265 |
36. | cc | 1262 |
37. | IO | 1256 |
38. | BIBLE | 1185 |
39. | MOBI | 1111 |
40. | uno | 1094 |
41. | TODAY | 1089 |
42. | MELBOURNE | 1050 |
43. | NRW | 1001 |
44. | WORLD | 940 |
45. | LIFE | 916 |
46. | au | 799 |
47. | SYDNEY | 797 |
48. | COOL | 644 |
49. | MENU | 593 |
50. | O | 540 |
51. | TUBE | 538 |
52. | LIVE | 496 |
53. | st | 478 |
54. | SITE | 453 |
55. | CAPITAL | 448 |
56. | WS | 415 |
57. | WINE | 396 |
58. | COIN | 392 |
59. | MX | 388 |
60. | news | 373 |
61. | fr | 356 |
62. | SHOP | 350 |
63. | TRUTH | 338 |
64. | EMAIL | 331 |
65. | app | 312 |
66. | PRO | 311 |
67. | de | 296 |
68. | CAFE | 286 |
69. | CLUB | 279 |
70. | TRAVEL | 253 |
71. | FUN | 249 |
72. | MONSTER | 246 |
73. | PW | 240 |
74. | CH | 239 |
75. | AGENCY | 237 |
76. | network | 229 |
77. | one | 227 |
78. | LAWYER | 218 |
79. | BUSINESS | 217 |
80. | MEDIA | 214 |
81. | online | 212 |
82. | ROCKS | 212 |
83. | GEEK | 209 |
84. | bet | 205 |
85. | cz | 204 |
86. | ATTORNEY | 202 |
87. | EXCHANGE | 197 |
88. | center | 187 |
89. | MONEY | 184 |
90. | CLOUD | 182 |
91. | BE | 172 |
92. | HOUSE | 170 |
93. | FORSALE | 168 |
94. | es | 168 |
95. | SOLUTIONS | 166 |
96. | BIT | 166 |
97. | EU | 165 |
98. | ESTATE | 163 |
99. | WEBSITE | 162 |
100. | PROPERTIES | 156 |
101. | STORE | 152 |
102. | SPACE | 152 |
103. | MARKET | 152 |
104. | link | 150 |
105. | COMPUTER | 150 |
106. | PH | 148 |
107. | FINANCE | 144 |
108. | DOMAINS | 141 |
109. | ENERGY | 138 |
110. | dev | 135 |
111. | SERVICES | 128 |
112. | RENTALS | 126 |
113. | DIGITAL | 125 |
114. | AE | 124 |
115. | LEGAL | 124 |
116. | br | 122 |
117. | ASIA | 121 |
118. | group | 120 |
119. | MARKETING | 120 |
120. | FINANCIAL | 120 |
121. | cx | 119 |
122. | LOANS | 116 |
123. | ZA | 115 |
124. | cyou | 113 |
125. | DIRECTORY | 113 |
126. | NZ | 112 |
127. | MARKETS | 110 |
128. | LAND | 106 |
129. | GURU | 106 |
130. | DOCTOR | 105 |
131. | academy | 105 |
132. | TECH | 104 |
133. | LEASE | 103 |
134. | gold | 102 |
135. | FUND | 101 |
136. | golf | 101 |
137. | CHAT | 98 |
138. | COFFEE | 95 |
139. | AUCTION | 92 |
140. | at | 86 |
141. | ipfs | 86 |
142. | BBS | 85 |
143. | HEALTH | 85 |
144. | ZONE | 84 |
145. | credit | 84 |
146. | INDUSTRIES | 82 |
147. | SYSTEMS | 81 |
148. | TECHNOLOGY | 81 |
149. | CASH | 81 |
150. | COMPANY | 80 |
151. | PROPERTY | 79 |
152. | FARM | 78 |
153. | FYI | 78 |
154. | DIRECT | 77 |
155. | WORKS | 76 |
156. | CL | 76 |
157. | TEL | 75 |
158. | casino | 73 |
159. | PL | 72 |
160. | VENTURES | 71 |
161. | wtf | 71 |
162. | watch | 70 |
163. | DATING | 70 |
164. | CHEAP | 69 |
165. | social | 67 |
166. | MN | 67 |
167. | GLOBAL | 66 |
168. | ETH | 65 |
169. | TIPS | 65 |
170. | REISE | 64 |
171. | contact | 64 |
172. | INTERNATIONAL | 63 |
173. | onl | 63 |
174. | SOFTWARE | 60 |
175. | BARGAINS | 60 |
176. | oz | 58 |
177. | TOYS | 58 |
178. | CONSULTING | 58 |
179. | DEALS | 57 |
180. | TAX | 57 |
181. | NAME | 57 |
182. | SINGLES | 57 |
183. | PHOTOS | 56 |
184. | UNIVERSITY | 55 |
185. | DELIVERY | 54 |
186. | AI | 53 |
187. | MS | 52 |
188. | GUIDE | 52 |
189. | COACH | 51 |
190. | CASA | 51 |
191. | TOOLS | 50 |
192. | APARTMENTS | 50 |
193. | ac | 49 |
194. | express | 48 |
195. | SOLAR | 48 |
196. | PARTNERS | 48 |
197. | win | 47 |
198. | SUPPORT | 45 |
199. | FM | 45 |
200. | CLOTHING | 45 |
201. | boutique | 44 |
202. | CN | 44 |
203. | PRESS | 43 |
204. | LA | 43 |
205. | GRATIS | 43 |
206. | CAM | 42 |
207. | TOURS | 42 |
208. | flights | 42 |
209. | LTD | 42 |
210. | INVESTMENTS | 42 |
211. | CHURCH | 41 |
212. | VIP | 41 |
213. | LIMITED | 41 |
214. | MANAGEMENT | 40 |
215. | GALLERY | 39 |
216. | ORGANIC | 39 |
217. | pt | 39 |
218. | CATERING | 39 |
219. | ART | 39 |
220. | SKI | 38 |
221. | events | 38 |
222. | FITNESS | 38 |
223. | BIKE | 38 |
224. | REVIEWS | 37 |
225. | EXPOSED | 37 |
226. | LC | 37 |
227. | codes | 37 |
228. | VIDEO | 37 |
229. | DESIGN | 37 |
230. | MORTGAGE | 36 |
231. | DIAMONDS | 36 |
232. | SCIENCE | 36 |
233. | CARE | 36 |
234. | SUPPLY | 35 |
235. | ENGINEERING | 35 |
236. | FOUNDATION | 35 |
237. | CONTRACTORS | 35 |
238. | SHOW | 35 |
239. | game | 34 |
240. | team | 34 |
241. | run | 34 |
242. | NINJA | 33 |
243. | PLUS | 33 |
244. | HOLDINGS | 33 |
245. | LIB | 33 |
246. | WIKI | 33 |
247. | CONSTRUCTION | 33 |
248. | CM | 32 |
249. | TRAINING | 32 |
250. | INSURE | 32 |
251. | SALE | 31 |
252. | DOG | 31 |
253. | RO | 31 |
254. | productions | 31 |
255. | OSS | 31 |
256. | BLOG | 30 |
257. | ENTERPRISES | 30 |
258. | PLUMBING | 30 |
259. | am | 30 |
260. | coupons | 30 |
261. | PIZZA | 29 |
262. | BAZAR | 29 |
263. | REPAIR | 29 |
264. | EDUCATION | 29 |
265. | help | 29 |
266. | INSTITUTE | 29 |
267. | recipes | 29 |
268. | STYLE | 29 |
269. | BZ | 29 |
270. | report | 28 |
271. | BUILDERS | 28 |
272. | CLINIC | 28 |
273. | SE | 28 |
274. | SUPPLIES | 28 |
275. | BLUE | 28 |
276. | GG | 27 |
277. | ECO | 27 |
278. | JOBS | 27 |
279. | PLACE | 27 |
280. | GS | 27 |
281. | COMMUNITY | 26 |
282. | TOWN | 26 |
283. | PICS | 26 |
284. | PHOTOGRAPHY | 26 |
285. | YOGA | 26 |
286. | PIRATE | 26 |
287. | DENTIST | 26 |
288. | MOVIE | 26 |
289. | claims | 26 |
290. | studio | 25 |
291. | EQUIPMENT | 25 |
292. | PICTURES | 25 |
293. | ACCOUNTANTS | 24 |
294. | TAXI | 24 |
295. | VISION | 24 |
296. | RENT | 24 |
297. | DISCOUNT | 23 |
298. | EMC | 23 |
299. | HOLIDAY | 23 |
300. | LI | 23 |
301. | VACATIONS | 23 |
302. | school | 23 |
303. | CAREERS | 23 |
304. | CONDOS | 23 |
305. | GREEN | 23 |
306. | TRADE | 22 |
307. | SO | 22 |
308. | RESTAURANT | 21 |
309. | hn | 21 |
310. | EARTH | 21 |
311. | GAMES | 21 |
312. | SEXY | 21 |
313. | KITCHEN | 20 |
314. | CARDS | 20 |
315. | TK | 19 |
316. | CRUISES | 19 |
317. | band | 19 |
318. | GD | 19 |
319. | NULL | 19 |
320. | SHOES | 19 |
321. | libre | 19 |
322. | PHOTO | 18 |
323. | SURF | 18 |
324. | VEGAS | 18 |
325. | PE | 18 |
326. | TO | 18 |
327. | GMBH | 18 |
328. | REVIEW | 17 |
329. | haus | 17 |
330. | AG | 17 |
331. | CHAN | 17 |
332. | FUR | 17 |
333. | healthcare | 17 |
334. | NEO | 17 |
335. | RED | 17 |
336. | LOL | 16 |
337. | GIFT | 16 |
338. | HT | 16 |
339. | CAMERA | 16 |
340. | INK | 15 |
341. | TW | 15 |
342. | associates | 15 |
343. | INDY | 15 |
344. | GARDEN | 15 |
345. | ACCOUNTANT | 15 |
346. | PARTS | 15 |
347. | GIFTS | 15 |
348. | LOVE | 14 |
349. | RACING | 14 |
350. | FURNITURE | 14 |
351. | FAMILY | 14 |
352. | ISTANBUL | 14 |
353. | mba | 13 |
354. | DATE | 13 |
355. | COLLEGE | 13 |
356. | FI | 13 |
357. | DYN | 13 |
358. | GL | 13 |
359. | BEER | 13 |
360. | ENGINEER | 13 |
361. | BID | 13 |
362. | BABY | 12 |
363. | LU | 12 |
364. | FAITH | 12 |
365. | VG | 12 |
366. | VILLAS | 12 |
367. | NYC | 12 |
368. | FLORIST | 12 |
369. | il | 12 |
370. | promo | 12 |
371. | LIGHTING | 12 |
372. | FOOTBALL | 12 |
373. | DIET | 12 |
374. | BIO | 12 |
375. | PARODY | 12 |
376. | HOSTING | 11 |
377. | id | 11 |
378. | SHOPPING | 11 |
379. | JETZT | 11 |
380. | PARTY | 11 |
381. | sc | 11 |
382. | CREDITCARD | 11 |
383. | PINK | 11 |
384. | FISH | 11 |
385. | SCHULE | 11 |
386. | ARMY | 11 |
387. | WEBCAM | 10 |
388. | COUNTRY | 10 |
389. | LIMO | 10 |
390. | af | 10 |
391. | CHRISTMAS | 10 |
392. | camp | 10 |
393. | PUB | 10 |
394. | XXX | 9 |
395. | JEWELRY | 9 |
396. | BLACK | 9 |
397. | CYB | 9 |
398. | ACTOR | 9 |
399. | SURGERY | 9 |
400. | VET | 9 |
401. | courses | 9 |
402. | film | 9 |
403. | PM | 9 |
404. | DO | 9 |
405. | EC | 9 |
406. | RE | 8 |
407. | MODA | 8 |
408. | LOAN | 8 |
409. | HOST | 8 |
410. | HK | 8 |
411. | VOYAGE | 8 |
412. | BUZZ | 8 |
413. | CHARITY | 8 |
414. | GOPHER | 8 |
415. | DENTAL | 8 |
416. | RIP | 8 |
417. | ARCHI | 8 |
418. | SOCCER | 8 |
419. | SH | 7 |
420. | LT | 7 |
421. | cleaning | 7 |
422. | GLASS | 7 |
423. | CAB | 7 |
424. | IST | 7 |
425. | IS | 7 |
426. | CRICKET | 7 |
427. | yt | 7 |
428. | gripe | 6 |
429. | graphics | 6 |
430. | HOCKEY | 6 |
431. | SX | 6 |
432. | WF | 6 |
433. | AUDIO | 6 |
434. | HORSE | 6 |
435. | vin | 6 |
436. | REISEN | 6 |
437. | KIM | 6 |
438. | CEO | 5 |
439. | NAVY | 5 |
440. | MEMORIAL | 5 |
441. | BAR | 5 |
442. | DEMOCRAT | 5 |
443. | LLC | 5 |
444. | page | 5 |
445. | GUITARS | 5 |
446. | FISHING | 5 |
447. | COOP | 5 |
448. | STREAM | 5 |
449. | SG | 5 |
450. | dance | 5 |
451. | irish | 5 |
452. | TF | 5 |
453. | TIRES | 5 |
454. | BINGO | 5 |
455. | REST | 4 |
456. | OOO | 4 |
457. | COOKING | 4 |
458. | salon | 4 |
459. | study | 4 |
460. | MEN | 4 |
461. | GY | 4 |
462. | TATTOO | 4 |
463. | FAIL | 4 |
464. | AR | 4 |
465. | ABOGADO | 4 |
466. | LUXURY | 4 |
467. | TENNIS | 4 |
468. | TIENDA | 3 |
469. | IM | 3 |
470. | vodka | 3 |
471. | TL | 3 |
472. | TC | 3 |
473. | REPUBLICAN | 3 |
474. | VOTE | 3 |
475. | REHAB | 3 |
476. | MAISON | 3 |
477. | IMMO | 3 |
478. | DOWNLOAD | 2 |
479. | KAUFEN | 2 |
480. | MOM | 2 |
481. | observer | 2 |
482. | KR | 2 |
483. | mu | 2 |
484. | theater | 2 |
485. | IE | 2 |
486. | JP | 2 |
487. | FUTBOL | 2 |
488. | VIAJES | 2 |
489. | PET | 2 |
490. | GR | 2 |
491. | fo | 2 |
492. | gives | 2 |
493. | JE | 2 |
494. | CARS | 2 |
495. | FLOWERS | 1 |
496. | FANS | 1 |
497. | STORAGE | 1 |
498. | NU | 1 |
499. | PY | 1 |
500. | SUCKS | 1 |
501. | XN--6FRZ82G | 1 |
502. | AIRFORCE | 1 |
503. | BOND | 1 |
504. | LV | 1 |
505. | MY | 1 |
506. | mg | 1 |
507. | VN | 1 |
508. | SARL | 1 |
509. | fan | 1 |
510. | immobilien | 1 |
511. | BOATS | 1 |
512. | | 1 |
513. | BLACKFRIDAY | 1 |
514. | MD | 1 |
515. | JUEGOS | 1 |
516. | RODEO | 1 |
517. | INC | 1 |
518. | TICKETS | 1 |
519. +----------------------------------+----------+

Yes, but they don't have such HUGE volume in these TLDs.
See numbers above...

Are these Epik reg numbers?

 

[carob]

https://techcrunch.com/2021/09/17/epik-website-bug-hacked

TechCrunch has since learned that Epik was warned of a critical security flaw weeks before its breach.

Security researcher Corben Leo contacted Epik’s chief executive Monster over LinkedIn in January about a security vulnerability on the web host’s website. Leo asked if the company had a bug bounty or a way to report the vulnerability. LinkedIn showed Monster had read the message but did not respond.

Leo told TechCrunch that a library used on Epik’s WHOIS page for generating PDF reports of public domain records had a decade-old vulnerability that allowed anyone to remotely run code directly on the internal server without any authentication, such as a company password.

“You could just paste this [line of code] in there and execute any command on their servers,” Leo told TechCrunch.