[mini] Popular Anonymous Prank/Revenge Delivery Service Hacked, Customer Details Leaked

[rcmaehl]

Summary

Shit Express, a Popular Prank/Revenge Delivery Service, had it's Databases leaked via an SQL Injection.

 

Quotes

Quote

ShitExpress... which bills itself as "a simple way to send a piece of shit in a box around the world," was recently breached. Data taken from the site... includ[es] customer email addresses paired with the messages... has been made public. The data was taken from a ShitExpress database by a hacker known as "Pompompurin." If that sounds familiar, it's probably because in November 2021, the same hacker exploited a flaw in the FBI's website to send emails from the "eims@ic.fbi.gov" domain. ShitExpress has reportedly addressed the vulnerability. It's also continuing to process orders, and at time of writing, it says on its website that someone used its services just 16 minutes ago.

 

My thoughts

How shitty, I can only imagine what went through the webmaster's head when shit hit the fan... "Oh shit" probably. Okay okay I'm done. Regardless, I would think that in this day and age, normal SQL Injection attacks would be protected against as it's webmaster 101, but I guess not. I'm sure this will cause some drama for those who have sent packages in the past.

 

Sources

PCMag (Quote source)

Tech Radar

Bleeping Computer

 

[Sauron]

would be funny if the attackers used a bot to commission a "gift" to everyone in the database

[Forbidden Wafer]

1 hour ago, Sauron said:

would be funny if the attackers used a bot to commission a "gift" to everyone in the database

I think it would be an absolute shit show.

[Heliian]

Good on them,  I'd never heard of this "service"  but that's what you get for being a shitty person.   

[jagdtigger]

1 hour ago, Heliian said:

Good on them,  I'd never heard of this "service"  but that's what you get for being a shitty person.   

Well TBH i know quite a few ppl that deserves the kind of package this service sent out.....