Logo for Shitexpress

In August 2022, the online faeces delivery service Shitexpress suffered a data breach that exposed 24k unique email addresses. The addresses spanned invoices, gift cards, promotions and PayPal records. The breach also exposed the IP and email addresses of senders, physical addresses of recipients and messages accompanying the shit delivery.

As you can read in the Blipping Computer article, it looks like the data of who was pranking who was not leaked:

As mentioned on our site, we never reveal the real identity — simply because we don’t have any personal information of the people who filled the form on our website. If someone pays with a cryptocurrency, it’s obviously very safe and anonymous. If they pay by credit card, all the information stays with the payment processor. It’s simple as that.”

The reality of the breach is a bit less shitty than that though, as the message of the prank has been leaked with the email address of the prankster, so even though a third party can’t easily connect the two, anybody that got pranked has enough information to know who prank them:

Troy Hunt covers this breach on his podcast (starting at 33:58 until 42:42):


Accounts breached: 23817

Breached on: August 08, 2022

Exposed data: Email addresses, IP addresses, Names, Physical addresses, Private messages, and Purchases

Domain: shitexpress.com

Added on: August 16, 2022

%d bloggers like this: