US Postal Service Left 60 Million Users Data Exposed For Over a Year
– Swati Khandelwal
News just came out that the United States Postal Service has patched a critical security vulnerability that exposed the data of more than 60 million customers to anyone who has an account at the USPS.com website.
The vulnerability was tied to an authentication weakness in an application programming interface (API). According to the cybersecurity researcher, who has not disclosed his identity, the API was programmed to accept any number of “wildcard” search parameters, enabling anyone logged in to usps.com to query the system for account details belonging to any other user.
The vulnerability was reported almost a year ago, and it took outside intervention to get it addressed. As of now there is no evidence that this vulnerability was exploited.
Reference: https://thehackernews.com/2018/11/usps-data-breach.html
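The class of flaw described above, shown from the defender's side as an added example (not code from USPS or the cited article): a search that only checks that the caller is logged in, next to one that rejects wildcards and limits results to the caller's own account. The account records, field names and function names are constructed assumptions.

```python
from fnmatch import fnmatchcase

# Constructed sample records; the fields are assumptions, not the real schema.
ACCOUNTS = [
    {"id": 1, "email": "alice@example.com", "phone": "555-0101"},
    {"id": 2, "email": "bob@example.com", "phone": "555-0102"},
    {"id": 3, "email": "carol@example.org", "phone": "555-0103"},
]
SEARCHABLE = {"email", "phone"}   # allow-list of fields a caller may search on
WILDCARDS = set("*?[]")           # pattern characters refused in search values


class Rejected(Exception):
    """Raised when a search request violates the input or access policy."""


def search_unscoped(caller_id, **params):
    """Flawed pattern: caller is authenticated, but caller_id is never used,
    so a wildcard value matches every account in the store."""
    return [a for a in ACCOUNTS
            if all(fnmatchcase(str(a.get(k, "")), v) for k, v in params.items())]


def search_scoped(caller_id, **params):
    """Hardened pattern: allow-listed fields, literal values only, and an
    object-level check that limits results to the caller's own record."""
    if not params:
        raise Rejected("at least one search field is required")
    for key, value in params.items():
        if key not in SEARCHABLE:
            raise Rejected(f"field not searchable: {key}")
        if WILDCARDS & set(value):
            raise Rejected(f"wildcards not allowed in {key}")
    return [a for a in ACCOUNTS
            if a["id"] == caller_id
            and all(a[k] == v for k, v in params.items())]


if __name__ == "__main__":
    print(len(search_unscoped(1, email="*")), "records from the unscoped search")
    try:
        search_scoped(1, email="*")
    except Rejected as exc:
        print("scoped search refused:", exc)
    print(search_scoped(1, email="alice@example.com"))
```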
Facebook hack victims will not get ID theft protection
– Dave Lee
On Friday Facebook revealed that 14 million users had highly personal information stolen by hackers. It included search history, location data and information about relationships, religion and more. Cyber criminals can use this information to build social-engineering-based theft schemes targeting the 14 million affected users.
Typically, companies affected by large data breaches – such as Target, in 2013 – provide access to credit protection agencies and other methods to lower the risk of identity theft. But a Facebook spokeswoman told the BBC it would not be taking this step “at this time”. Users would instead be directed to the website’s help section. The spokesperson would not say if the help pages in question had been updated since the company discovered the recent breach.
Reference: https://www.bbc.com/news/technology-45845431?intlink_from_url=https://www.bbc.com/news/topics/cz4pr2gd85qt/cyber-security&link_location=live-reporting-correspondent