USPS reportedly fixes website bug that exposed data of 60M users
Cyber Security

USPS reportedly fixes website bug that exposed data of 60M users

Just in time for the holiday shopping season, it appears the US Postal Service has fixed a security flaw that allowed all USPS.com account holders, some 60 million people, to see personal details of fellow .

Cybersecurity expert Brian Krebs on Wednesday wrote about the bug, noting that he was contacted last week by a researcher who asked to remain anonymous. The researcher informed USPS about his findings more than a year ago, but never received a response, Krebs said. Krebs then confirmed the researcher’s findings and contacted the USPS, “which promptly addressed the issue.”

Related Posts

How AI, Machine Learning, and Endpoint Security Overlap

11 Useful Security Tips for Securing Your AWS Environment

USPS representatives didn’t immediately respond to a request for confirmation and comment on Thanksgiving Day.

Krebs said the flaw stemmed from an authentication weakness in an application program interface, or API, tied to its Informed Visibility program, which lets users receive a scan of all incoming mail before it’s delivered to their address. That program was the subject of a US Secret Service advisory Krebs tracked down earlier this month warning that criminals could use the program to target people for credit card fraud.

The latest bug let any logged-in USPS.com users “query the system for account details belonging to any other users,” including email addresses, usernames, user IDs, street address, phone numbers and more, Krebs said.

You might also like

Google Launches Cybersecurity Career Certificate Program

ChatGPT Emerges as Key AI Tech for Security Vendors

Hackers Use HTML Smuggling To Distribute Malware by E-mail

5 safety tips to follow while making digital payment transactions

Leave A Reply

Your email address will not be published.