Prank website that lets you send poop through the post gets hacked

The database was leaked on a hacking forum exposing the angry messages personal messages sent by customers (Picture: @Changyencham) A website that lets people send boxes of animal mess to their enemies has been hacked, exposing details of customers and their messages. ShitExpress is a revenge prank website that lets […]

Package delivery

The database was leaked on a hacking forum exposing the angry messages personal messages sent by customers (Picture: @Changyencham)

A website that lets people send boxes of animal mess to their enemies has been hacked, exposing details of customers and their messages.

ShitExpress is a revenge prank website that lets you send a box of actual animal dung to victims and a personalised message to ‘people who annoy you the most’.

A vulnerability on the site allowed a hacker to gain access to the company’s database of customer email addresses and the messages they sent through the platform.

An ongoing feud between a hacker going by the name ‘pompompurin’ and cybersecurity researcher, Vinny Troia, resulted in the hacker gaining access to the website’s customer data when he went on the site to order a box to be sent to Troia.

‘Pompompurin’ then leaked the database on a hacking forum, exposing the angry personal messages sent by customers.

Poop emoji

ShitExpress is a prank website that lets you send ‘a piece of shit in a box around the world’ (Picture: Facebook)

One of the messages said: ‘I saw a cockroach today and thought of you… I stepped on it.’

Another said: ‘This gift shows my thanks for your hard work, and is a symbol of how great my team thinks you are. ENJOY!’

The hacker told Bleeping Computer that the data he downloaded was surprisingly small and that they did not hold it for ransom. Instead, they just notified the website owner after dumping the data.

He said: ‘It’s honestly not that big… There’s about 29,000 orders in the data.

‘We have spotted some unusual activity on our server 4 days ago and found out that one of our script is vulnerable to SQL injection. It’s purely our fault — a human error that could happen to anyone,’ a ShitExpress spokesperson told Bleeping Computer.

ShitExpress also clarified that the website did not store any personal information about its customers.

‘If someone pays with a cryptocurrency, it’s obviously very safe and anonymous. If they pay by credit card, all the information stays with the payment processor. It’s simple as that,’

ShitExpress accepts payments made via credit card or Bitcoin and promises its customers complete anonymity.


MORE : Hunt for dog poop bandit throwing dozens of bags into trees


MORE : Teen Mom grandmother Debra Danielsen mortified by ‘depraved’ daughter Farrah Abraham’s plans to sell jars of poop

Next Post

FCC visits Denver to tout free internet subsidy that 80% of eligible Coloradans are ignoring

Sat Aug 20 , 2022
About 80% of Colorado households eligible for $30 to $75 a month to pay for internet service don’t seem to want the free benefit.  Or perhaps, they just don’t know about it. That’s why Geoffrey Starks, a commissioner with the U.S. Federal Communications Commission, dropped by A.B. Hirschfeld Towers in […]