In a statement on Facebook, ExploitHub wrote, “The server was compromised through an accessible install script that was left on the system rather than being removed after installation, which was an embarrassing oversight on our part.”
“The marketplace said the hackers only accessed information that was already publicly available by searching through its online catalog,” writes Computerworld’s Jeremy Kirk. “The information included exploit names, prices and the names of researchers but not any actual exploit code, which could be used in attacks. ‘The product data is stored elsewhere, and there is currently no evidence that the storage location was accessed by any unauthorized party or that any of the exploit code or other product data has been compromised or stolen as has been claimed,’ ExploitHub said.”
“Furthermore, they highlight the fact that the information published by Inj3ct0r is actually freely available and it can be accessed by anyone via the web application’s search and browse functions,” writes Softpedia’s Eduard Kovacs.
“[ExploitHub] qualified by stating that the investigation into the breach was ongoing,” writes SC Magazine’s Darren Pauli. “Its website was inaccessible at the time of writing.”