xat

In November 2015, xat, a popular online chat platform, experienced a significant security breach resulting from a social engineering attack. An unauthorized third party successfully convinced xat's hosting provider, 100TB, to add an unauthorized email address to xat's account, disable two-factor authentication, and grant control over xat's servers. This breach compromised approximately 6 million user accounts, exposing usernames, email addresses, passwords, IP addresses, and website activity. The attacker damaged one of xat's servers, stole proprietary software, and wiped the server, rendering data unrecoverable. Despite xat's requests to secure and power down the servers, further unauthorized access occurred, leading to additional data loss, including proprietary log files, databases, and source code. In response, xat filed a lawsuit against 100TB, alleging breach of contract and gross negligence. The court found that the liability limitations in the hosting agreement were unenforceable due to their trivial sum, allowing xat's claims to proceed. This incident underscores the critical importance of robust security protocols, vigilant authentication procedures, and comprehensive contractual agreements to protect user data and maintain service integrity.

Data Included in the Breach