According to a report, the United States Postal Service has patched a critical security vulnerability that exposed the data of more than 60 million customers to anyone who has an account at the USPS.com website.
The U.S.P.S. is an independent agency of the American federal government responsible for providing postal service in the United States and is one of the few government agencies explicitly authorized by the United States Constitution.
The vulnerability is tied to an authentication weakness in an application programming interface (API) for the USPS "Informed Visibility" program designed to help business customers track mail in real-time. The API was programmed to accept any number of "wildcard" search parameters, enabling anyone logged in to usps.com to query the system for account details belonging to any other user.
This seems attacker could have pulled off email addresses, usernames, user IDs, account numbers, street addresses, phone numbers, authorized users and mailing campaign data from as many as 60 million USPS customer accounts. The API authentication vulnerability also allowed any USPS user to request account changes for other users, such as their email addresses, phone numbers or other key details. But USPS responds that they have no information about this vulnerability was leveraged to exploit customer records.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
