US Postal Service Left 60 Million Users Data Exposed For Over a Year

US Postal Service Left 60 Million Users Data Exposed For Over a Year
– Swati Khandelwal

News just came out that United States Postal Service has patched a critical security vulnerability that exposed the data of more than 60 million customers to anyone who has an account at the USPS.com website.

The vulnerability was tied to an authentication weakness in an application programming interface(API). According to the cybersecurity researcher, who has not disclosed his identity, the API was programmed to accept any number of “wildcard” search parameters, enabling anyone logged in to usps.com to query the system for account details belonging to any other user.

The vulnerability was reported almost a year ago and it took outside intervention to address this serious vulnerability. As of now there is no evidence to support that this vulnerability was taken advantage of.

Reference: https://thehackernews.com/2018/11/usps-data-breach.html