DataBreaches.net reports how an exposed back server exposed the chat messages, files, and information on almost 1 million servers. Even though the services, both owned by Stefan Chekanov, advertised that they used encryption, none of the data was encrypted. Some of the findings:
- There was a total of 980,972 entries in the users’ tables, with entries going back to 2006.
- The researcher first logged the backup as exposed in late April. From the logs, the researcher stated that the files in question were exposed from at least May 11th 2024 – July 4th 2025 . Because logging only began in late April, the server could have been exposed before then.
- While both Chatox and Brosix Enterprise contained users’ information as mentioned earlier, stored messages for the Chatox platform were from 2018-06-07 to 2024-06-13, while stored messages for the Brosix Enterprise platform were from 2021-12-01 to 2024-12-09.
- There were 65,641,097 unencrypted chat messages stored in Chatox and 37,233,646 unencrypted chat messages stored in Brosix.
- There were around 73,000 files stored for Chatox, and around 191,000 files stored for Brosix Enterprise. The files were unencrypted.
DataBreaches.net provides a few examples from Allstate, Florida Psychiatric Society, and Senator Tim Scott, but notes that there were many other firms and medical practices that used the services and had data exposed in the incident.
Read more at DataBreaches.net.
