Aug 15, 2022 12:00:00

A site that can anonymously send 'poop' to people is hacked and user data leaked

It was reported that

`` ShitExpress '', a joke site that allows you to send animal dung with a message to someone, was hacked and data leaked.

Anonymous poop gifting site hacked, customers exposed
https://www.bleepingcomputer.com/news/security/anonymous-poop-gifting-site-hacked-customers-exposed/

ShitExpress is a service that allows you to send feces such as horses to acquaintances and people you dislike, and Japan is included in the available areas. Shipping is free worldwide, and payment can be selected from 13.95 euros (about 1900 yen), 16.95 dollars (about 2200 yen), 0.05 BTC (about 160,000 yen), and credit cards in English-speaking countries Payment is possible. For all payment methods, ShitExpress is committed to keeping the customer's identity strictly confidential.

However, ShitExpress had its information stolen by a hacker named 'pompompurin' on August 9, 2022. According to the IT news site BleepingComputer, pompompurin is the administrator of the hacking forum 'Breached.co' and has previously stolen the customer data of 7 million people from the investment application

Robinhood and sent it to the Internet. It is said that it is a hacker who has sold it at.

Pompompurin, in a self-posted forum post, revealed that he recently visited ShitExpress and sent animal droppings to security researcher Vinny Troia. Mr. Troia has written a detailed report on the hacker organization The Dark Overlord , and pompompurin is said to have a grudge against Mr. Troia.

Pompompurin, who successfully harassed Mr. Troia on ShitExpress, discovered that ShitExpress had a vulnerability called SQL injection , and exploited it to send emails to other customers' email addresses and other customers' addresses. I stole the attached message.

Below is a screenshot of a post on a forum reporting pompompurin's stolen data. The part related to privacy is hidden by BleepingComputer, but when reading other parts, ShitExpress users say, ``How was the taste of my ○○? You blocked me, but ...' 'Congratulations, ○○! You are really a fucking bastard, so I will send you a statue of you as a reward.'

Pompompurin, who was contacted by BleepingComputer, commented, ``To be honest, the data stolen from ShitExpress wasn't that big.The number of orders is about 29,000.''

Although pompompurin published the data stolen from ShitExpress on the forum, he did not demand a ransom from ShitExpress, but instead contacted the owner of ShitExpress about the hack.

A ShitExpress spokesperson told us, ``Some time ago we discovered anomalous behavior on our servers, and one of our scripts was found to be vulnerable to SQL injection. We fixed this error immediately.Please understand that this site is just a prank site.No ransom demanded, nothing really happened.' I was.

Since the user's e-mail address etc. was leaked to the forum, nothing has happened, but at the time of writing the article, ShitExpress continues to operate as if nothing had happened.