If you used ShitExpress to send someone a box of anonymous crap, they may know who you are. A hacker was sending someone who had offended them a box of dung when they spotted a vulnerability and took a stroll through the ShitExpress database.
Surprisingly, there haven't been as many boxes of shit sent as one might think!
Recently, when pompompurin visited ShitExpress to send a token of appreciation to Troia, the hacker realized the website was vulnerable to SQL Injection.
The hacker was able to access customer messages, email addresses, and other private data associated with customer orders.
This Tuesday, pompompurin also shared a small sample data set containing a preview of multiple database tables hosted by ShitExpress.
Some of the messages contained in the orders are shown below. BleepingComputer has redacted messages with overly explicit wording that readers may find offensive.