HostHatch Was Not Breached

ummmm … okay.

Not sure if I’m interpreting what you wrote correctly.

Are you suggesting that HostHatch might somehow have you … dealt with? :smile:

No, definitely not! That was purely meant for CC. :slight_smile:

Just gave that as the reason why I’m not doing this anymore.

1 Like

okay …

I see people who go up against the CC mafia end up shitposting themselves to a sticky end on LET … probably a side effect of the novichok.

The easiest (and most effective) way to fight CC is moving to HostBalls, and not using any of their countless brands. Of course you’re free to keep shitposting on LET.


except VirMach …

VirMach was never proven to be their brand afaik. If they are, then well played.

true … VirMach == Keyser Söze :smile:

Would it be possible to ask you for some actual proof of this? No need to PM me, you should share an excerpt of the breached database publicly here, since you made the claim in public. Please and thanks.

If we were storing 20k email/password entries in plaintext, these were leaked, and we did not even notify the users for nearly 3 years - then I am probably one of the worst people in this industry. Either all of this is true, or none of it is (more on that later) but since you seem to know more about this than I do, please do share. Thanks again.

1 Like

Judging by this you have some info to share about this whole story. If you have nothing to hide, you should clear this up with and ask them to remove you from the list. I just simply can’t understand why would someone end up on a list like this if nothing happened.

You know I’m not the one to wait answers from.

And yes, I did claim it in public, since it’s on the internet for years and you haven’t done anything about it (?).

No excerpt of the breached database then, I assume? Will it change your mind if I say pretty please?

You seemed very confident earlier claiming the things that you were claiming. I hope you did not do this without actually seeing said breached database?

Once more, I’m not the one who have to prove that there is no breach that happened.
Keeper says something happened, I don’t see any press release about it nor the breached database, but I don’t understand why would anyone claim that it happened if it didn’t - and why HostHatch and not others.


Edit: I will be more than happy to ask for post removals if you tell us the whole story and you’re right.

@Abdullah googling “hosthatch breach” brings up this page:

which states the following:

Site: HostHatch

Description: In November 2016,’s database was breached. The stolen data contains over 20,000 user records including associated email addresses and plaintext passwords. The leaked credentials are being shared and sold privately on the dark web.

Passwords: 18769

I’m pretty sure this is what @Theseus is talking about.

It’s from a company that sells a password manager, so it’s in their interest to list as many companies as possible which got breached. However, if this is not something that happened, then the webpage is slanderous and you should take steps to have them take down this entry.


Basically what I’m trying to say.


Told you straight away they weren’t breached…

Funnily enough, you are the first and only person that I know of, who has talked about it on a hosting forum, or any forum in general. Not even a single customer has once contacted us, or me, about this in the last 3 years. “Internet” is a vast place, and many websites claim many strange things.

But you seemed 100% confident in what you said, so much so that you attacked one of our customers for “not doing their research”. So I naturally I assumed you wouldn’t have done so without seeing the actual evidence. Because that would be my personal criteria for attacking someone, but to each their own.

You made snarky comments like this:

You didn’t ask others for opinion, nor did you contact me. You confidently and quite arrogantly said that this happened, without proof.

Obviously when someone questioned you for proof - all the snarkiness disappeared and you suddenly became mature, as you are acting now.

So I will return the favor of being mature and post the full story after I get my sleep. Hope you will learn a thing or two about being honest and less snarky afterwards. To be clear, there is no breach.


Can’t wait for the full story, and can’t wait to hear why it hasn’t been removed for the past few years.

Civil discussions are fine, this was starting to get out of hand. I appreciate that @Theseus tried to end the discussion, I can also appreciate @Abdullah wanting to defend HostHatch afterward. The conversation has been moved to it’s own thread (as the length warranted it) and you are free to continue discussing the subject at hand should you choose to do so, just keep things civil.

For the record, the primary reason that this thread hasn’t been closed is because, quite frankly, I’m interested to hear the other side of the story.


This went a bit out of hands still, especially on my part. If @Abdullah posts the full story behind it which proves that it didn’t happen and posted something false, I’d like to get things cleaned up which went too far - and of course I will make sure to apologise in public.


Shit happens, thank you for being mature about it. I’m looking forward to hearing the other side of the story.


Firstly, since people keep mentioning - I should clarify that this is likely a new listing from a few months ago, since I haven’t seen this before yesterday. The source db appears to be clearly the same.

The original listing was done on, nearly 3 years ago. Soon after this, we were contacted by someone telling us that they have access to a breached database, and that they want a certain amount of money in bitcoin for them to not share this with the world. There was no actual proof offered (hint hint), and all that was offered as a proof was a link to If we did not pay this money, the database would be leaked publicly.

There were holes in this story:

  1. If there was a breach, we would likely know about it.
  2. We did not have 20k accounts in Nov 2016. This number was far off.
  3. We used to use default whmcs behavior of emailing passwords a long long time ago (as did many other providers with very high reputation today), we were flamed for it, and this was changed. There were no 20k (or even 2k) plaintext passwords.
  4. Breaches like this, especially if there were plaintext passwords, do not remain hidden. They spread like wildfire. Remember Staminus?

If there was even a sliver of a chance of this being real, we would have informed the customers, and force reset all passwords - like any responsible company would do.

We knew this person was lying, he was blocked, and the case was over. His threat to “publicly leak the db” never became a reality.

In 3 years, not even a single customer has contacted us or me, asking about the listing on, or anywhere else. It was a non-issue. So I never bothered with it and went on living my life.

Now I assume it either began with this (Hi Hurley, or Theseus) or before this, but I was only made aware of it yesterday, that some troll appears to be making rounds on hostballs, making snarky comments with no evidence whatsoever about a db breach.

I have seen the “database” in question. It is a text file called “hosthatch.com_plain.txt” with email:password pairs, none of which belong to us. A lot of it is “123456” and “ab123d”. None of the emails are registered with us. So obviously someone was trolling with it, or it was simply created to blackmail us a few years ago.

Following is the email from after I let them know of this story yesterday:

Thanks for letting us know.

This must have slipped through our verification process as every database we add should be verified before we add it, so we apologize for having added it.

We have removed it from

Now I hope @Theseus is not the person who created this text file to blackmail us for money that never came. Considering no one else has ever cared in 3 years, he seems to be quite sure and motivated. So can I ask what the punishment is on this forum for attacking businesses with no proof? What is next, “He definitely murdered someone because I saw it on some hole in the internet”?