based on how coffeezilla talks about it, how easy it is and similar stories from the past, i suspect that their website generated shipping labels, receipts or whatever automatic documentation that is given to customers as a proof of purchase, and stored it on the server in a way that could be publicly served to everyone not just the original customer. this way you just have to know the file’s name, which was probably generated in a deterministic way, in order to extract people’s information. with this you usually won’t get everyone’s information so 10k is probably an underestimate.
if this is the exploit, this is basic web security from like early 2000, with reoccurring minor drama about small sites fucking it up until mid 2010s. they either hired some boomer (or worse former government contractor) to shit it out with raw php or some kid (and i mean literal kid, most likely 14 as even 15 year olds won’t make this mistake) to do this as a summer job. embarrassing even if this wasn’t how it was done.
EDIT: looking again at the coffee video, the data has a column account_status which wouldn’t make sense with what i just described. however it could be basic SQL injection, which is still laughable but increases the age rage from 14 to 16. just wanted to say the original comment i made 10 minutes ago is wrong lmao.
I get that dumbasses like coffeezilla were likely doing it to get info to make content with but wtf did he expect, really? I’m sure he was just getting one to glean whatever info he could, but he also should have used a remailer service and a throwaway cc number. Did anyone expect a secure, seamless experience when dealing with the dang Cheeto in the White House?
I would have to assume that both YouTubers used a PO box for their orders. Im not sure why you would consider coffeezilla a dumbass, I don’t think I’ve ever seen something from his corner that would be objectionable.
He states ‘my mailing address, phone number, and credit card info’
That’s a dumbass move.
I haven’t seen the actual data leaked, I don’t have time to watch a video, but you’re paraphrase still doesn’t mean that he couldn’t have put a PO box, a burner phone, And a temporary credit card number.
The dude has made a career out of exposing scammers, I doubt that he actually put his home address and his personal cell phone number.
Crime is legal
Lol scam phone
I love the cope from turboCHUDs saying “it’s not a scam, the phone is real!!!”
I love that this isn’t even the only Trump scam phone, this is just the one that is a real product
In case anyone around here was considering it, it is a bad idea to buy a Trump Phone before they get this fixed.
Removed by mod
I found a YouTube link in your post. Here are links to the same video on alternative frontends that protect your privacy:
