A
key.dat file, by itself, is useless to 'hackers.' Only when you have a second
key.dat file generated on the
same computer with a key
you know can you extract the key from the first
key.dat. I explained the process
here.
The issue is that CBMHost is not a secure or professional hosting service. Any legitimate hosting service would use FTP jailing AND access restrictions to prevent users from accessing other users'
key.dat files. They'd also (hopefully) use secure passwords on administrator accounts. None of the people involved in this are known for RATing, so I highly doubt that a keylogger or other tool of its kind was used to break in. It was negligence on behalf of CBMHost that left some kind of access violation open for exploitation.