Industry Reactions to USPS Exposing User Data

November 28, 2018 / Eduard Kovacs

Security blogger Brian Krebs recently revealed that an API used by the United States Postal Service (USPS) had a vulnerability that potentially exposed the data of 60 million customers. Krebs learned of the security hole from an unnamed researcher who had reported the issue to USPS over a year ago. The flaw was only patched after the organization was contacted by the blogger. The vulnerability was related to the Informed Visibility tracking service. It could have been exploited to obtain near real-time data about packages and mail, and it allowed logged-in users to access information on other users, including email addresses, usernames, physical addresses, phone numbers, and account numbers.