Often when a website or service is hacked, it's only usernames or passwords that are exposed. But in one case, hackers made off with months worth of private messages between users of an instant messaging service.

Jabber is a protocol for sending chat messages, [otherwise known as XMPP](https://www.jabber.org/faq.html#jabber). Hackers, technologists, and journalists often use Jabber to message one another, as the communications can also be easily encrypted with a client plug-in. Loads of different organizations run Jabber servers; one of those being Jabbim.

Unfortunately for users of [Jabbim's paid VIP service](https://www.jabbim.com/vip.html), hackers stole an 8GB file containing around six months worth of chat messages from 2016. The majority of messages are in Slovak in Czech, and the records also include IP address logs.

"Last year I canceled this service at all and from September 2016 this service not exist \[sic\]," Jan Pinkas, the administrator of Jabbim told Motherboard in an online chat.

**Read more:** [**Another Day, Another Hack**](http://motherboard.vice.com/tag/another+day+another+hack)

Pinkas, who briefly looked at the file for Motherboard, said, "For now, it's look for me like dump from Jorge database \[sic\]. I used Jorge for Jabbim Archive service, it was server side message history system, available only for VIP users."

Paid data-breach notification site [LeakBase](https://leakbase.pw/) provided Motherboard with the file, and the messages have already been swapped among data traders for some time. LeakBase, as well as the hacker known as w0rm, also sent Motherboard another file which it claimed was a list of Jabbim usernames and plain text passwords from 2016. According to Pinkas, however, those details originated from a previous Jabbim hack in 2014.

In response, Pinkas said he has increased user and password security on Jabbim, including hashing all passwords with bcrypt, an algorithm that makes passwords much harder for hackers to crack.

**The lesson:** Because logs of this type aren't exposed all that often, it might be easy to forget that chat services may be recording not just your logins but your messages too. If you're paranoid about a data breach leading to your chats being dumped online, you might want to use an end-to-end encrypted messenger instead. Jabber users can install the off-the-record plugin if they want to stick with something like Jabbim too.

**_Get six of our favorite Motherboard stories every day_** [**_by signing up for our newsletter_**](http://motherboard.club/)**_._**

Motherboard

security

Tech

Hackers made off with chat logs from the instant messaging service’s paid VIP offering.

Hack Exposes Reams of Private Jabber Chats

Hacking

data

Infosec

motherboard show

chat logs

Jabber

xmpp

Internet Insecurity

Another Day Another Hack

LeakBase

breeches

Video

Apps

Podcasts

Newsletters

Culture

News

Munchies

Rec Room

Drugs

Entertainment

Environment

Extremism

Horoscopes

Identity

Investigations

investigations

Justice

JUSTICE

Money

Music

Photography

Travel

VICE Magazine

VICE Voices

The Unfiltered History Tour

The Gender Spectrum Collection

About 

Jobs

Partner

Content Funding on VICE

Security Policy

Privacy & Terms

Accessibility Statement

VICE

VICE on TV

Refinery29

vice

FYI.

This story is over 5 years old.

Hack Exposes Reams of Private Jabber Chats

FYI.

This story is over 5 years old.

Hack Exposes Reams of Private Jabber Chats

ONE EMAIL. ONE STORY. EVERY WEEK. SIGN UP FOR THE VICE NEWSLETTER.