Skip to main content
  1. Home
  2. Web
  3. News

USPS fixes online flaw that exposed the data of 60 million customers

By

The United States Postal Service (USPS) has patched a security flaw that allowed anyone with an account at usps.com to view the account details of any of the 60 million people signed up to the service. In some cases, the flaw even allowed for changes to be made to those accounts.

In a post on his website, security specialist Brian Krebs said that he was recently contacted by a researcher who said he’d told the USPS about the flaw last year. After receiving no response, the researcher contacted Krebs, who took up the issue with the USPS. The Postal Service says it has now patched the bug.

Recommended Videos

Asked why it apparently took a year to deal with the issue, a USPS spokesperson told Digital Trends that it “has not been able to substantiate the claim … that the researcher reached out to us a year ago.”

Related

Krebs said the bug concerned an authentication vulnerability in the usps.com API linked to a USPS service called “Informed Visibility,” which provides businesses, advertisers, and other bulk mail senders with access to near real-time tracking data connected with their mail campaigns and packages.

As well as exposing near real-time data about packages and mail being sent by USPS commercial customers, Krebs explained that the vulnerability let any logged-in usps.com user search the system for account details belonging to any other user, “such as email address, username, user ID, account number, street address, phone number, authorized users, mailing campaign data, and other information.”

Changes could also be made to that data, though Krebs noted that for some data fields, a validation step — such as a confirmation message sent to the email address linked to the account — prevented the alteration from taking place.

Highlighting the seriousness of the flaw, security researcher Krebs said that “no special hacking tools were needed to pull this data, other than knowledge of how to view and modify data elements processed by a regular web browser like Chrome or Firefox.” Those with the know-how would have been able to access information about who lived inside a particular premises by performing a regular search on its street address.

In a statement to Digital Trends, the Postal Service said: “Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously. Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law.”

The USPS added that at the current time there is no evidence to suggest that customer records have been exploited in any way.

Editors' Recommendations

Topics
Trevor Mogg
Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
How to enable picture-in-picture for YouTube on your Mac
Macbook Air

If you want to have a bit of music playing in the background or want to have your favorite YouTube video running in the corner of your screen, then the picture-in-picture YouTube feature needs to be on your radar. This allows you to turn your YouTube videos into a tiny pop-up window that can be moved and repositioned around your screen.

Mac users have several ways to activate the feature, including support on both Safari and Google Chrome. There's also a nifty Chrome extension that simplifies the task to a single button press. Here's a look at how to enable picture-in-picture for YouTube on your Mac.

Read more
How to change your Gmail password
pilot testing drivers licenses internet rolls two us states password

Changing your Gmail password is incredibly important for your online security. If you're anything like the average user, your Gmail account is linked to dozens of other organizations and programs – and if your account gets hacked, there's no telling what sort of damage can be done.

Because of this, it's crucial to change your Gmail password at regular intervals. Google makes this a rather painless process, and it should take no more than a few seconds from start to finish.

Read more
Best Buy deals: Save on laptops, TVs, appliances, and more
best buy shuts down insignia line smart home products store 2 768x768

Best Buy is always a great retailer to turn to if you’re looking for some savings. There are almost always Best Buy deals taking place on TVs, appliances, and devices we use to navigate the digital world. In fact, right now at Best Buy you can find some of the best TV deals, best laptop deals, and best phone deals that can be shopped, and we haven’t even mentioned the deals on tablets and home audio equipment currently taking place at Best Buy. We’ve rounded up all of the best Best Buy deals you can shop right now and categorized them for your convenience below, so read onward for some great opportunities to save.
Best Buy TV deals

There may be no better place to purchase one of the best TVs than Best Buy. There is almost always some huge savings to find on TVs at Best Buy, and that’s certainly the case right now. You’ll find deals top TV brands like Sony, Samsung, and LG, and more budget-friendly brands like TCL and Hisense are in play, too.

Read more