WelcomeUser Guide
ToSPrivacyCanary
DonateBugsLicense

©2026 Poal.co

215

This morning I received a number of emails from hungerrush, an online menu/ordering service. I've used them before when ordering pizza, in particular Jet's Pizza uses them for their order backend.

The emails indicate that the sender is has contacted hungerrush, has not received a reply, and is going to do malicious things with their database if they don't comply. Header analysis seems to indicate that the sender information is correct, although some tools seem unsure. Information in the email seems to indicate that it's a flex on the scammer's part and isn't directed at me.

I've notified some interested parties of this potential breach, but I thought it might be prudent to drop a note here for anyone that may have used that service.

email analysis

This morning I received a number of emails from hungerrush, an online menu/ordering service. I've used them before when ordering pizza, in particular Jet's Pizza uses them for their order backend. The emails indicate that the sender is has contacted hungerrush, has not received a reply, and is going to do malicious things with their database if they don't comply. Header analysis seems to indicate that the sender information is correct, although some tools seem unsure. Information in the email seems to indicate that it's a flex on the scammer's part and isn't directed at me. I've notified some interested parties of this potential breach, but I thought it might be prudent to drop a note here for anyone that may have used that service. [email analysis](https://poal.co/static/images/867c606660e4e482.png)
[–] 1 pt

What is sorely lacking in these ransom attack schemes is an independent third-party entity that tracks whether the attackers actually honor their promise of giving back access to the ransomed system once the money is paid.

Who could actually pay one of these ransomware companies off knowing there’s no guarantee of restoring access?

[–] 1 pt

You have to take an already known scammer's word for it. That's not any assurance at all.

[–] 1 pt

Hence the need for a third party. Once a third party can vouch, the value of maintaining positive status with them exceeds that of not returning access after the ransom is paid.

Think of the amount of effort that goes into gaining control of one of these systems. The win rate of actually getting paid the ransom is probably abysmally small since, as you said, there’s no reason to trust someone you already know is a hacker.

If that third party “plays fair” rating got the payout up to even 30% it’d be worth it to stay in their good graces.

On the other side of the equation, some of the legitimate companies whose systems get compromised probably would be willing to pay a ransom, if they had some reasonable assurance it’s only a one time hit and they get access back.

[–] 0 pt

Pro tip: they won’t. They don’t. They never do (statically).

I’m Always like what leaked? Do I care? My social number and all my data is online and on the dark.

Who gives fuck.

Lock your credit down and forget about it. Then start using unique emails for each login with a password keeper.

They want logins to money and crypto, that’s all they can really hope to get.

<Pink-bunny-turd@doesnotexist.com> is not used anywhere else on the web. So they have no cross hack vector.