Cyber Incident Victim: Jabbim
Date: Sep 2016
Location: Slovakia
Summary
A cyberattack compromised an instant messaging service's VIP users, resulting in the theft of an extensive database containing approximately six months of private chat messages and associated IP address logs, primarily in Slovak and Czech languages. The stolen data, circulated among threat actors, included server-side archives accessible only to paid subscribers, alongside separate credentials potentially linked to a prior breach; the service administrator subsequently enhanced security measures by implementing robust password hashing and discontinuing the affected VIP offering.
Description
In September 2016, hackers breached Jabbim, a service utilizing the Jabber/XMPP instant messaging protocol, and exfiltrated an 8GB file containing approximately six months of archived private chat messages from the platform's paid VIP users. The stolen data, sourced from a server-side message history system called Jorge that exclusively stored communications for VIP subscribers, included message content primarily in Slovak and Czech languages alongside associated IP address logs. Jabbim administrator Jan Pinkas confirmed the service had been discontinued in September 2016, coinciding with the breach timeframe. The compromised archives represented a significant exposure of sensitive communications, as many users—including hackers, technologists, and journalists—relied on Jabber for secure conversations, often employing encryption plugins like Off-the-Record (OTR). Unlike typical credential-focused breaches, this incident uniquely exposed the substantive content of private discussions rather than solely authentication data.

The stolen chat archives circulated among data traders before being provided to Motherboard in January 2017 by LeakBase, a paid breach notification service, and a hacker known as w0rm. These entities also shared a separate file allegedly containing Jabbim usernames and plaintext passwords from 2016, though Pinkas attributed this credential set to an unrelated 2014 breach of the platform. In response to the 2016 incident, Pinkas implemented enhanced security measures including migrating all user passwords to bcrypt hashing to increase resistance against cracking attempts. The breach underscored operational risks associated with server-side message archiving features, particularly for services catering to security-conscious communities. While Jabbim's VIP message history service was no longer active at the time of disclosure, the exposure demonstrated how archived communications—even from discontinued systems—could resurface through subsequent breaches.
