A security flaw discovered in a U.S. Postal Service platform may have exposed the data of more than 60 million customers.
The vulnerability, uncovered by an anonymous security researcher, was found within an API of the USPS’s Informed Visibility mail tracking, TechCrunch reported. The researcher found that he could access data by sending wildcard requests to the server.
Informed Visibility is an enterprise-level sister service to the USPS’s standard Informed Delivery mail tracking service, which allows customers to see mail before it arrives. But reportedly, the flaw impacted all usps.com users.
According to cybersecurity journalist Brian Krebs, that security vulnerability could have allowed anyone with a standard usps.com account to view — and even modify — the account details of other users.
That includes email addresses, usernames, user IDs, account numbers, street addresses, phone numbers, mailing campaign data, and other private or sensitive information.
Related Posts:We truly are under attack. We need user support now more than ever! For as little as $10, you can support the IWB directly – and it only takes a minute. Thank you. 202 views