It is not difficult to imagine what you can buy from the store ShitExpress: from horse dung to pig dung, the selection is quite large, but it is meant less for agricultural use than for jokes and/or revenge, paid for confidentially (even in bitcoin) while remaining strictly anonymous. Or, at least, this was the store's selling point before it was visited by the well-known hacker who goes by the nickname pompompurin, who discovered a security flaw and got into the database, obtaining names, email addresses and even the messages accompanying boxes delivered to unsuspecting recipients.
Pompompurin had also gone to ShitExpress to send a nice "steaming" gift to a historical enemy, security researcher Vinny Troia, head of the cybersecurity company Night Lion Security. The two have long been engaged in a long-running quarrel, with the hacker going as far as hacking FBI servers while impersonating his antagonist. The new skirmish, however, opened an unusual scenario: by force of habit, pompompurin immediately discovered that ShitExpress did not provide the protection it promised its customers, and in fact managed to take all the data from the internal database with a not-so-complicated SQL injection attack. He was thus able to get his hands on the list of names, emails and, above all, the messages that users attached to their packages.
There was no shortage of gems, such as "I am sending you a sculpture that represents you" or "To remind us of your betrayal" or again "Here's what our team thinks of you", naturally stuffed with various appropriately censored insults. The hacker said he did not ask for a ransomware-style ransom, but limited himself to informing the owners of the store, who have since fixed the flaw. As reported by BleepingComputer, users who have relied on the service should not worry too much, since those who paid with cryptocurrencies did not have to provide sensitive information, while credit card transactions go entirely through the payment operator without leaving data on the portal.
