A security flaw discovered in a U.S. Postal Service platform may have exposed the data of more than 60 million customers.
The vulnerability, uncovered by an anonymous security researcher, was found within an API of the USPS’s Informed Visibility mail tracking, TechCrunch reported. The researcher found that he could access data by sending wildcard requests to the server.
Informed Visibility is an enterprise-level sister service to the USPS’s standard Informed Delivery mail tracking service, which allows customers to see mail before it arrives. But reportedly, the flaw impacted all usps.com users.
According to cybersecurity journalist Brian Krebs, that security vulnerability could have allowed anyone with a standard usps.com account to view — and even modify — the account details of other users.
That includes email addresses, usernames, user IDs, account numbers, street addresses, phone numbers, mailing campaign data, and other private or sensitive information.