ShitExpress hacked, customer info exposed online
Anonymous poop gifting site ShitExpress, a web service that lets you send a box of feces along with a personalized message to friends and enemies, has been breached after a "customer" spotted a vulnerability.
Except, in an interesting twist, rather than responsibly reporting the vulnerability, the customer, who is a known threat actor, ended up exploiting the bug and downloading the entire database.
This database was then shared on a hacking forum, exposing the angry, and sometimes hysterical, personal messages sent by the customers with the gifts.
ShitExpress' 4-step buying process involves:
- Choosing an animal, ahem excrement, e.g. organic, wet horse poop.
- Providing a shipping address.
- Customizing packaging, e.g. with a smiley sticker.
- Paying for your order via credit card or Bitcoin.
According to a forum post authored by pompompurin, the hacker recently visited ShitExpress to send a box of poop to cybersecurity researcher Vinny Troia. The hacker was able to access customer messages, email addresses, and other private data associated with customer orders. On Aug 9, pompompurin also shared a small sample data set containing a preview of multiple database tables hosted by ShitExpress.
At the same time, a massive hacker attack forced over 100 Belgian and Dutch dental practices to close shop.