It has been reported that Ripoff Report had misconfigured their Amazon S3 instance in 2016, resulting in what appears to be a PII leak of 1.77 million users. A researcher who discovered this vulnerability left voicemails and LinkedIn messages to the CEO without any returned response. 

In the same year, Ripoff Report was apparently hacked by Ephifaniou, a young man from Cyprus, who attempted to extort the company, threatening to go public with the exposed data unless payment of $90,000 was made within 48 hours. This threat actor also worked with an SEO company to illegally remove negative complaints for paying companies. 

Ephifaniou has been extradited to the U.S. and charged in a five count indictment including wire fraud, extortion related to a protected computer, and conspiracy to commit wire fraud, computer fraud and identity theft.