USPS took a year to fix a vulnerability that exposed all 60 million users’ data

USPS took a year to fix a vulnerability that exposed all 60 million users’ data

6 years ago
Anonymous $L9wC17otzH

https://www.theverge.com/2018/11/22/18107945/usps-postal-service-data-vulnerability-security-patch-60-million-users

The US Postal Service says it’s fixed a security weakness on usps.com that let anyone see the personal account info of its users, including usernames and street addresses. The open vulnerability was reportedly identified over a year ago by an independent researcher but USPS never patched it until this week, when Krebs on Security flagged the issue.

The vulnerability included all 60 million user accounts on the website. It was caused by an authentication weakness in the site’s application programming interface (API) that allowed anyone to access a USPS database offered to businesses and advertisers to track user data and packages. The API should have verified whether an account had permissions to read user data but USPS didn’t have such controls in place.

Last Seen
4 hours ago
Reputation
0
Spam
0.000
Last Seen
51 minutes ago
Reputation
0
Spam
0.000
Last Seen
about an hour ago
Reputation
0
Spam
0.000
Last Seen
26 minutes ago
Reputation
0
Spam
0.000
Last Seen
58 seconds ago
Reputation
0
Spam
0.000
Last Seen
16 minutes ago
Reputation
0
Spam
0.000
Last Seen
36 minutes ago
Reputation
0
Spam
0.000
Last Seen
12 minutes ago
Reputation
0
Spam
0.000
Last Seen
53 minutes ago
Reputation
0
Spam
0.000
Last Seen
35 minutes ago
Reputation
0
Spam
0.000
Last Seen
6 minutes ago
Reputation
0
Spam
0.000
Last Seen
about an hour ago
Reputation
0
Spam
0.000
Last Seen
4 minutes ago
Reputation
0
Spam
0.000
Last Seen
11 minutes ago
Reputation
0
Spam
0.000
Last Seen
25 minutes ago
Reputation
0
Spam
0.000
Last Seen
9 seconds ago
Reputation
0
Spam
0.000