Cyber Incident Victim: XAT
Date: Nov 2015
Location: United Kingdom
Summary
A UK social networking platform experienced a breach when attackers socially engineered its hosting provider, gaining temporary server control and likely accessing registered user data including usernames, email addresses, hashed passwords, and IP addresses. The compromised servers were decommissioned and replaced with new infrastructure at a different provider. This required a database rollback that reversed user transactions made during the compromised window, with purchases re-credited to affected accounts, while the organization solicited information regarding the intrusion and related disruptive activities.
Description
On November 6, 2015, the UK-based social networking platform xat disclosed a security breach resulting from a social engineering attack against its hosting provider. Attackers successfully deceived the provider into temporarily transferring control of some xat servers to them, enabling unauthorized access to systems between approximately November 4 and November 6. During this period, the third party likely exfiltrated xat's registered user database containing usernames, email addresses, hashed passwords, and IP addresses. The compromised infrastructure did not store real names, physical addresses, payment card details, birthdates, or other sensitive personal identifiers. Service disruptions began manifesting two days prior to the disclosure, with xat attributing operational instability to the breach. The organization terminated access to the compromised servers for forensic analysis and initiated migration to replacement infrastructure under a different hosting provider to restore operations.

The breach necessitated a database rollback to the November 4, 2015 08:04 GMT backup, reversing all user trades conducted between that timestamp and the service takedown. Purchases made during the compromised period were re-credited to affected accounts. xat confirmed the incident exposed authentication credentials in hashed form but emphasized that, because it did not store payment details, the exposed data offered no direct route to financial loss. Service restoration efforts prioritized infrastructure replacement over credential resets, with no immediate public directive for users to change passwords. Concurrently, xat solicited information from users regarding both the social engineering incident and recent distributed denial-of-service (DDoS) attacks targeting the platform. The disclosure acknowledged operational and reputational impacts while expressing confidence in user loyalty during the recovery phase.
