Home Hacking News USPS Bug affects 60 Million Users, Finally Fixed.
Hacking NewsLatest Cyber Security News | Network Security HackingNews

USPS Bug affects 60 Million Users, Finally Fixed.

by Unallocated Author
written by Unallocated Author
USPS data breach

USPS has recently dealt with one of the biggest vulnerabilities that jeopardized the personal information of all of its 60 million plus users.

Apparently, the USPS website was exposed to a vulnerability that could have resulted in dire consequences.

The States’ Postal Agency’s mail tracking data, reportedly, remained susceptible, exposing the details of all of its customers to any of them. In other words, as a USPS certified mail tracking user, you could run a query and look-up for usernames, street addresses, phone numbers, e-mail Ids, and more details pertaining to any of the USPS users.

The most fearsome facet of this bug was that it is said to have enabled any of the USPS users, to request a modification in the personal details of another user. The worst is yet to come, the USPS does not have a reconfirmation step involved before updating or an informing step involved after updating these details.

All these drawbacks combined, further the risk of the victim never being able to discover the change, unless they log on to the USPS Portal.

The Discovery

In other words, if you were a user of the USPS, the data you probably wanted to keep accessible to advertisers and businesses, remained unconcealed to others. This vulnerability was reportedly experienced by an Anonymous Researcher who apparently, during the previous week, confided in Brian Krebs, an American Journalist, and Investigative Reporter.

Thereafter, the US-based Investigative Reporter verified the same, and diligently contacted the USPS, and the issue was duly addressed.

The Bug that caused it all

The unwelcome access was eventually traced to a vulnerable authentication system that lacked adequate control. The website’s API had an issue that exposed the details of all of its users to anyone logged into it, as a USPS user. This data should have been better-guarded as it could have given way to a successful credit card theft or identity theft.

Presently, the only credible safety measure is to sign-up for the Informed Delivery Service, like over 13 million USPS users already have.

 

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses