MARKETPLACE FOR VULNERABILITIES
Exploithub has admitted that "an embarrassing oversight" in security left it open to theft.
Attackers from Inj3ct0r Team broke into Exploithub and boasted that they had stolen its exploits. "Ho, ho, ho, Merry Christmas all 1337Day Exploits Database users!" it said in a tweeted message this week. "Inj3ct0r Team has hacked http://exploithub.com."
A release from the group said that the exploits taken are worth an estimated $242,333. Inj3ct0r Team runs its own exploits website at www.1337day.com and said that it will release the Exploithub information this weekend if it gets 30,000 subscribers.
"If we have 30,000 subscribers by 16/12/2012, we will publish the private exploits we attained from Exploithub. Show how you love us, and we will show how we love you. Inj3ct0r has hacked Exploithub and published many private 0day exploits," said the group in a Facebook post.
"Tell your friends about this campaign and collect subscribers! Add the Inj3ct0r RSS feed to your page and the probability to collect 30,000 subscribers will increase! The ability to release the Exploithub private exploits lies in your hands."
Exploithub has been humbled by the attack that the Inj3ct0r team said took only a couple of hours.
"After our initial investigation we have determined that the web application server itself was compromised and access to the database on that server was available to the attacker," it said.
"The server was compromised through an accessible install script that was left on the system rather than being removed after installation, which was an embarrassing oversight on our part."
This would tie in with the reason that the hackers gave for their attack. "We hacked http://exploithub.com because the people who publish private exploits on http://exploithub.com need to know that the Exploithub Admins are lamers and can not provide them with adequate security," they said in the 11 December release.
Exploithub said that due to the nature of its business it would always be a target, and played down the scale of the losses.
"Being a high profile target, the Exploithub endures attacks daily. Due to this high level of risk, the Exploithub system is architected in such a manner as to drastically limit and contain the impact of a successful compromise of its public-facing component, the web application server, to prevent the further compromise of any valuable product data such as exploit code," it said.
"Current assessment of the attack indicates that the impact was limited to compromise of data from only the web application server which does not house exploit code or other product data. Again, there is currently no evidence that the exploits or other products themselves have been compromised or stolen."
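Exploithub's two statements above describe the failure mode (an installer script left in the web root after deployment) and the mitigation that limited the damage (keeping exploit code off the public-facing server). The POSIX shell script below is an added example, not code from the article, from Exploithub or from Inj3ct0r: it audits a document root for leftover installer scripts and directories so that the oversight can be caught before an attacker finds it. The file and directory names it searches for are common conventions assumed for illustration, not anything the article names.

```shell
#!/bin/sh
# Added example (not from the article or from Exploithub): audit a web
# document root for installer and setup scripts that should have been
# removed once deployment finished. The names matched below are common
# conventions chosen for illustration (assumption), not names from the article.

# find_installer_artifacts <docroot>
# Prints one matching path per line. Files are matched by name; directories
# that look like installer bundles are reported too, since they usually hold
# more than one script.
find_installer_artifacts() {
    docroot="$1"
    find "$docroot" \( \
        \( -type f \( -name 'install.php' -o -name 'setup.php' \
                     -o -name 'upgrade.php' -o -name 'install.sh' \) \) \
        -o \( -type d \( -name 'install' -o -name 'installer' -o -name 'setup' \) \) \
    \) -print 2>/dev/null
}

# count_installer_artifacts <docroot>
# Echoes the number of matches, so the result can drive a cron job or CI gate.
count_installer_artifacts() {
    find_installer_artifacts "$1" | wc -l | tr -d ' '
}

# audit_docroot <docroot>
# Exit status 0 when the tree is clean, 1 when leftovers were found.
audit_docroot() {
    n="$(count_installer_artifacts "$1")"
    if [ "$n" -eq 0 ]; then
        echo "OK: no installer artifacts under $1"
        return 0
    fi
    echo "WARN: $n installer artifact(s) under $1:"
    find_installer_artifacts "$1"
    return 1
}

# make_sample_docroot
# Builds a constructed sample tree for a stand-alone run (constructed data,
# not a real deployment) and echoes its path.
make_sample_docroot() {
    d="$(mktemp -d)"
    mkdir -p "$d/app" "$d/install"
    : > "$d/index.php"
    : > "$d/install.php"        # leftover installer at the web root
    : > "$d/install/step2.php"  # leftover installer directory
    : > "$d/app/config.php"
    echo "$d"
}

# Run with --demo to audit the constructed sample tree.
if [ "${1:-}" = "--demo" ]; then
    sample="$(make_sample_docroot)"
    audit_docroot "$sample"
    rm -rf "$sample"
fi
```

Run it as `sh audit.sh --demo` to see the two findings in the constructed tree, or point `audit_docroot` at a real document root from a post-deploy hook or a daily cron job and treat a non-zero exit as a deployment failure. The check reports what it finds rather than deleting it, so an operator confirms the install has completed before removing the script; the right fix is removal, not merely blocking the path in the web server configuration, since a forgotten rule is as easy to lose as a forgotten file.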