based on how coffeezilla talks about it, how easy it is and similar stories from the past, i suspect that their website generated shipping labels, receipts or whatever automatic documentation that is given to customers as a proof of purchase, and stored it on the server in a way that could be publicly served to everyone not just the original customer. this way you just have to know the file's name, which was probably generated in a deterministic way, in order to extract people's information. with this you usually won't get everyone's information so 10k is probably an underestimate.

if this is the exploit, this is basic web security from like early 2000, with reoccurring minor drama about small sites fucking it up until mid 2010s. they either hired some boomer (or worse former government contractor) to shit it out with raw php or some kid (and i mean literal kid, most likely 14 as even 15 year olds won't make this mistake) to do this as a summer job. embarrassing even if this wasn't how it was done.

EDIT: looking again at the coffee video, the data has a column account_status which wouldn't make sense with what i just described. however it could be basic SQL injection, which is still laughable but increases the age rage from 14 to 16. just wanted to say the original comment i made 10 minutes ago is wrong lmao.

I get that dumbasses like coffeezilla were likely doing it to get info to make content with but wtf did he expect, really? I'm sure he was just getting one to glean whatever info he could, but he also should have used a remailer service and a throwaway cc number. Did anyone expect a secure, seamless experience when dealing with the dang Cheeto in the White House?

Crime is legal

Lol scam phone

In case anyone around here was considering it, it is a bad idea to buy a Trump Phone before they get this fixed.

I found a YouTube link in your post. Here are links to the same video on alternative frontends that protect your privacy:

• yewtu.be
• inv.nadeko.net
• yt.artemislena.eu
• piped.video