
Hacker marketplace plundered… by hackers

ExploitHub, a site that offers code that takes advantage of software vulnerabilities for a small fee, has found itself hacked, with a large database of its marketable software made available for free in a site dump.

Initially, the site's admins claimed that merely a message board discussion database had been ripped from the site, but now it's been confirmed that more than that was taken. Those claiming responsibility – Inj3ct0r Team – have said that they managed to download nearly a quarter of a million dollars (£150,000) worth of code.

“We hacked exploithub.com because the people who publish private exploits on exploithub.com need know that the ExploitHub Admins are lamers and can not provide them with adequate security,” the team said in a posting. Inj3ct0r operates a rival exploit code site, 1337day.com.

Everything is educational... right guys?

While ExploitHub now appears to be down, The Register has a few choice quotes from the website owners:

“After our initial investigation we have determined that the web application server itself was compromised and access to the database on that server was available to the attacker. The server was compromised through an accessible install script that was left on the system rather than being removed after installation, which was an embarrassing oversight on our part.”

However, the owners suggested that what was taken was not vital information.

“The exploit information provided in Inj3ct0r's attack announcement text file and SQL dump consists of exploit names, prices, the dates they were submitted to the market, the Authors' IDs, and the Authors' usernames, all of which is publicly available information retrievable from the web application's normal browse and search functions; this is not private information and it was already publicly accessible by simply searching the product catalog through the website.”

Ultimately, the organisation said that nothing of real value was stolen, just names and dates. This places its statement at odds with the Inj3ct0r claim of stealing far more than that.

KitGuru Says: While both groups offer morally and legally questionable services, both sites make big claims of adhering to laws and rules, which makes it all the more interesting that Inj3ct0r was willing to announce its theft.
