Many of you will have noticed the serious problems with the xat service over the last two days. It would appear that our hosting provider fell for a simple social engineering scam and briefly handed control of some of xat's servers to a third party.
It is likely that the third party was able to download the xat registered user database. This consists of registered usernames, email address, a hashed version of the password and ip address. We do not store real names, addresses, financial data, dates of birth or similar personal information.
The old servers have now been shut down for analysis. It is therefore necessary to replace them with new servers with a different provider and we are working on this as quickly as we can. We would appreciate your patience while we perform this task and return xat to normal operation. The database was rolled back to Nov 4 08:04 GMT so any trades you did after that but before the breach will have been reversed. Purchases made after that time will be re-credited.
We have always appreciated the loyal and committed users who have helped xat to grow into the fun place that it is. We are confident that we will have things back to normal and really appreciate your support during this difficult time.
Anyone with information about this attack or recent DDoS attempts can email it to firstname.lastname@example.org with the subject: tipoff.
We look forward to chatting again with you soon.
The xat team
6 Nov 2015