Faeces revenge website hacked showing who’s used it and their messages

The database was leaked on a hacking discussion board exposing the indignant messages private messages despatched by clients (Image: @Changyencham)

A web site that lets individuals ship packing containers of animal mess to their enemies has been hacked, exposing particulars of shoppers and their messages.

ShitExpress is a revenge prank web site that allows you to ship a field of precise animal dung to victims and a personalised message to ‘individuals who annoy you probably the most’.

A vulnerability on the location allowed a hacker to achieve entry to the corporate’s database of buyer e mail addresses and the messages they despatched by way of the platform.

An ongoing feud between a hacker going by the title ‘pompompurin’ and cybersecurity researcher, Vinny Troia, resulted within the hacker having access to the web site’s buyer information when he went on the location to order a field to be despatched to Troia.

‘Pompompurin’ then leaked the database on a hacking discussion board, exposing the indignant private messages despatched by clients.

ShitExpress is a prank web site that allows you to ship ‘a chunk of shit in a field world wide’ (Image: Fb)

One of many messages mentioned: ‘I noticed a cockroach as we speak and considered you… I stepped on it.’

One other mentioned: ‘This reward exhibits my thanks in your laborious work, and is an emblem of how nice my workforce thinks you're. ENJOY!’

The hacker advised Bleeping Laptop that the information he downloaded was surprisingly small and that they didn't maintain it for ransom. As a substitute, they simply notified the web site proprietor after dumping the information.

He mentioned: ‘It’s truthfully not that massive… There’s about 29,000 orders within the information.

‘We have now noticed some uncommon exercise on our server 4 days in the past and discovered that one in every of our script is weak to SQL injection. It’s purely our fault — a human error that would occur to anybody,’ a ShitExpress spokesperson advised Bleeping Laptop.

ShitExpress additionally clarified that the web site didn't retailer any private details about its clients.

‘If somebody pays with a cryptocurrency, it’s clearly very secure and nameless. In the event that they pay by bank card, all the data stays with the fee processor. It’s easy as that,’

ShitExpress accepts funds made by way of bank card or Bitcoin and guarantees its clients full anonymity.