
ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

USPS Site Exposed Data on 60 Million Users

November 28, 2018 by Satwika Balakrishnan 1 Comment

The U.S. Postal Service just fixed a security flaw that allowed anyone with an account at usps.com to view account details for some 60 million other users. They could even modify account details on those users' behalf! The problem arose from a security weakness in an API, which accepted “wildcard” search parameters. This API was tied to a Postal Service initiative called “Informed Visibility,” which was designed to let businesses, advertisers and other bulk mail senders “make better business decisions by providing them with access to near real-time tracking data” about mail campaigns and packages. As a result, real-time data about packages and mail sent by USPS commercial customers was exposed. In addition, any logged-in user could query the system for account details belonging to other users, such as their email addresses, usernames, account numbers, street addresses and phone numbers.

Another fact that alarmed me was that the flaw was discovered and reported to the USPS over a year ago, but they never acted on it until now.

https://krebsonsecurity.com/2018/11/usps-site-exposed-data-on-60-million-users/

Filed Under: Week 12: Web Services
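
The weakness described in the post (a search endpoint that checks only that the caller is logged in and accepts wildcard patterns) is shown below next to a hardened form. This is an added example, not part of the original post and not USPS code; the function names, field names and sample records are hypothetical and constructed for illustration.

```python
import fnmatch

# Constructed sample records; field names follow the post, values are made up.
ACCOUNTS = [
    {"account_id": "1001", "username": "alice", "email": "alice@example.com"},
    {"account_id": "1002", "username": "bob", "email": "bob@example.com"},
    {"account_id": "1003", "username": "carol", "email": "carol@example.com"},
]

WILDCARDS = set("*?%")  # glob and SQL LIKE metacharacters to reject outright


class Forbidden(Exception):
    """Raised when the caller is not authenticated."""


def search_vulnerable(session_user, field, pattern):
    # Weak form: only checks that *someone* is logged in, then pattern-matches
    # across every account, so a bare "*" returns the whole table.
    if not session_user:
        raise Forbidden("login required")
    return [a for a in ACCOUNTS if fnmatch.fnmatchcase(a[field], pattern)]


def search_hardened(session_user, field, value,
                    allowed_fields=("username", "email")):
    # 1. Authentication.
    if not session_user:
        raise Forbidden("login required")
    # 2. Input validation: allow-listed field, exact-match value, no wildcards.
    if field not in allowed_fields:
        raise ValueError("unsupported search field")
    if not value or WILDCARDS & set(value):
        raise ValueError("wildcards are not accepted")
    # 3. Object-level authorization: the query is scoped to records owned by
    #    the caller, so another user's record looks the same as "not found"
    #    and the response cannot be used to confirm that an account exists.
    return [a for a in ACCOUNTS
            if a["username"] == session_user and a[field] == value]
```

Rejected wildcard requests are worth logging with the caller's identity, since a legitimate client of an exact-match endpoint has no reason to send them.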

Comments

  1. Nishit Darade says

    December 17, 2018 at 9:21 am

    Hi Satwika,

    This is very surprising information to find regarding USPS, which handles such a high volume of PII data.