>"Unfortunately, a vulnerability was exploited and that list became public." //
If it was just a link to a file on the website them claiming a vulnerability was exploited is like saying "my security system was overcome" if I dropped my wallet on the bus.
Based on the ESA statement it’s probably a case of hanlon's razor where they have nobody on-staff to do a proper incident response. They also said they “shut down the site”, which really meant they removed/hidden the page in WordPress but they didn’t remove the culprit file nor did they take down the E3 website.
>"Unfortunately, a vulnerability was exploited and that list became public." //
If it was just a link to a file on the website them claiming a vulnerability was exploited is like saying "my security system was overcome" if I dropped my wallet on the bus.