UPDATED 12:22 EDT / DECEMBER 17 2012

Online Boutique ExploitHub Hacked, Database Leaked

ExploitHub, which sells code to attack software security holes, has been hacked, leading to a leak of the website's database. A group called Inj3ct0r Team, which apparently operates an exploit bazaar that rivals ExploitHub, has taken responsibility for the hack.

“We hacked exploithub.com because the people who publish private exploits on exploithub.com need to know that the ExploitHub Admins are lamers and cannot provide them with adequate security. We siphoned off $242,333 (£150,134) in downloads. It appears the group may have infiltrated the website via its Magento eCommerce installation,” the team said.

Explaining the scenario, ExploitHub said that a combination of human error and poor security controls allowed the breach to take place, but the software goods were not exposed.

“The database on that server however only contains information used by the web application itself as well as product information such as exploit name, price, and author, but does not contain any actual product data such as exploit code. The product data is stored elsewhere and there is currently no evidence that the storage location was accessed by any unauthorized party or that any of the exploit code or other product data has been compromised or stolen as has been claimed, however our investigation is ongoing,” ExploitHub stated.

In this scenario, damage control appears to be somewhat easy for ExploitHub, says HackANGLE editor Kyt Dotson: by making sure that only the information necessary for operations was exposed to the web (and thus to the exploit), it reduced the overall likelihood that attackers gained access to more sensitive information. Compartmentalization isn’t just a good programming and operations technique; it’s also an important element of security.

ExploitHub seems like an ironic target for hackers, and it has been keeping its customers up to date on the breach.

