In the latest USPS news, a security flaw has exposed the personal data of at least 60 million who have used the U.S. Postal Service’s mailing capabilities recently.
The parcel service operator said that its mail preview program was hit with a security vulnerability that may have granted third parties access to information regarding critical documents and checks that were supposed to arrive in the mailboxes of its customers.
The flaw was discovered by an anonymous researcher who found it in the “Informed Visibility” service. The researcher said that an API, which is a web component, in the service essentially provided just about anyone with a USPS account the ability to view the details of other users.
In some cases, it gave users the option of modifying the account details of other users. The USPS security flaw has been fixed, according to the organization, but they only did so after cybersecurity expert Brian Krebs asked them to do so.
The anonymous researcher who notified Krebs about the security flaw may have reportedly notified the postal authorities about the flaw more than a year ago.
The security hole allowed anyone with an account to find the following account details of other users: email addresses, user IDs, phone numbers and more. The USPS says that it has no data that suggests that any customer records were accessed as a result of the flaw.