Website that lets you send poop through the post gets hacked

By Sead Fadilpašić
TechRadar
 2 days ago

A known threat actor has hacked his way into notorious revenge website ShitExpress and leaked the company's secure data, including customer email addresses and the messages they sent through the platform.

ShitExpress is an online service that allows people to send actual faeces, through the post, to whomever they desire. It’s designed to be a prank site, where people can purchase a piece of animal faeces and have it delivered to someone’s door, in a box, together with a personalized message.

You can imagine the type of messages someone would send together with a piece of animal dung to their cheating former partners, horrible ex boss, or noisy neighbor - hence why this leak might be troubling to many customers.

SQL Injection flaw

As reported by BleepingComputer, a user going by the name “pompompurin” visited the site in order to send a box to his long-time arch-nemesis, cybersecurity researcher Vinny Troia. The two go way back, pranking and harassing each other for quite some time, the publication reported.

Upon opening the site, he realized that it was vulnerable to SQL Injection, and Mr pompompurin was soon sifting through email addresses, customer messages, and other private data associated with the orders.

A day after successfully compromising the site, he leaked the database on a hacking forum. Speaking to the publication about it, pompompurin said the database was surprisingly small: "It's honestly not that big... There's about 29,000 orders in the data," he said.

He also said that he didn’t do it for ransom or anything similar. "I gained access a day before I leaked it, and I notified the website owner after dumping the data. [I'm] not sure if they've acknowledged or anything as of yet," he confirmed.

In response to the incident, ShitExpress acknowledged the breach and took responsibility, saying: "It's purely our fault -- a human error that could happen to anyone. It was found by one of our customers. We fixed the error immediately."

As this is a prank site that gathers almost no customer data at all, there was nothing particular to leak from the compromised endpoints. Payment data was left with the payment provider, meaning pompompurin never got it.

Via: BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
