USPS fixes online flaw that exposed the data of 60 million customers

The United States Postal Service (USPS) has patched a security flaw that allowed anyone with an account at usps.com to view the account details of any of the 60 million people signed up to the service. In some cases, the flaw even allowed for changes to be made to those accounts.

In a post on his website, security specialist Brian Krebs said that he was recently contacted by a researcher who said he’d told the USPS about the flaw last year. After receiving no response, the researcher contacted Krebs, who took up the issue with the USPS. The Postal Service says it has now patched the bug.

Asked why it apparently took a year to deal with the issue, a USPS spokesperson told Digital Trends that it “has not been able to substantiate the claim … that the researcher reached out to us a year ago.”

Krebs said the bug concerned an authentication vulnerability in the usps.com API linked to a USPS service called “Informed Visibility,” which provides businesses, advertisers, and other bulk mail senders with access to near real-time tracking data connected with their mail campaigns and packages.

As well as exposing near real-time data about packages and mail being sent by USPS commercial customers, Krebs explained that the vulnerability let any logged-in usps.com user search the system for account details belonging to any other user, “such as email address, username, user ID, account number, street address, phone number, authorized users, mailing campaign data, and other information.”

Changes could also be made to that data, though Krebs noted that for some data fields, a validation step — such as a confirmation message sent to the email address linked to the account — prevented the alteration from taking place.

Highlighting the seriousness of the flaw, security researcher Krebs said that “no special hacking tools were needed to pull this data, other than knowledge of how to view and modify data elements processed by a regular web browser like Chrome or Firefox.” Those with the know-how would have been able to access information about who lived inside a particular premises by performing a regular search on its street address.

In a statement to Digital Trends, the Postal Service said: “Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously. Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law.”

The USPS added that at the current time there is no evidence to suggest that customer records have been exploited in any way.

Social Media

Twitter privacy scare as bug reveals tweets of protected accounts

If you set your Twitter account to private and you have an Android device, you'd better check your settings now. Twitter says it's just fixed a four-year-old bug that flipped the privacy switch to make the account public.

Having trouble logging in? Here’s how to reset your Apple ID password

To use any of Apple's services, you need to have an Apple ID and know your password. Thankfully, there are ways to deal with forgotten passwords and regain access to your account. Here's how to reset your Apple ID password.

‘Fortnite’ security flaw let hackers spy on players through microphones

A security vulnerability found in Fortnite allowed hackers to gain access to other players' accounts, potentially letting them spy on conversations using the in-game microphone. It has been addressed.

Reluctant to give your email address away? Here's how to make a disposable one

Want to sign up for a service without the risk of flooding your inbox with copious amounts of spam and unwanted email? You might want to consider using disposable email addresses via one of these handy services.

Make a GIF of your favorite YouTube video with these great tools

Making a GIF from a YouTube video is easier today than ever, but choosing the right tool for the job isn't always so simple. In this guide, we'll teach you how to make a GIF from a YouTube video with our two favorite online tools.

Apple Maps boosts Flyover locations, indoor mall maps, and more

In a boost for Apple Maps, the tech company has recently added more than 50 new locations for Flyover, the feature that offers spectacular 3D photo views of particular cities and famous landmarks around the world.
Smart Home

Booth babes, banned sex toys, and other mishaps at CES 2019

From female sex toys bans, to fake Tesla/robot collision stories, there was some weird stuff going on at CES 2019 this year. Here are some of the biggest mishaps and flubs at the world's biggest tech show.

Google has found a clever way to make your search history more useful

Google has found a clever way to make more use of your search history by showing links to pages you've visited before. Ideal for repeat searches for the same page, the links show up on cards at the top of mobile search results.

Shutdown makes dozens of .gov websites insecure due to expired TLS certificates

The US government shutdown is causing trouble in internet security. As the shutdown enters day 22, dozens of government websites have been rendered insecure or inaccessible due to expired transport layer security (TLS) certificates.

Our favorite Chrome themes add some much-needed pizzazz to your boring browser

Sometimes you just want Chrome to show a little personality and ditch the grayscale for something a little more lively. Lucky for you, we've sorted through the Chrome Web Store to find best Chrome themes available.
Social Media

A quick swipe will soon let you keep bingeing YouTube on mobile devices

The YouTube mobile app has a new, faster way to browse: Swiping. Once the update rolls out, users can swipe to go to the next (or previous) video in the recommended list, even while viewing in full screen.

Switch up your Reddit routine with these interesting, inspiring, and zany subs

So you've just joined the wonderful world of Reddit and want to explore it. With so many subreddits, however, navigating the "front page of the internet" can be daunting. Here are some of the best subreddits to get you started.

Cathay Pacific messes up first-class ticket prices — again

A couple of weeks ago, an error on Cathay Pacific's website resulted in first-class seats selling for a tenth of the price. On Sunday, January 13, the airline made the error again. The good news is that it'll honor the bookings.
Social Media

YouTube to crack down on dangerous stunts like the ‘Bird Box’ challenge

YouTube already bans content showing dangerous activities, but new rules published by the site go into greater detail regarding potentially harmful challenges and pranks, including certain blindfold- or laundry detergent-based stunts.