Email Addresses and Phone Numbers of More than 60 Million Users Exposed by USPS

After being contacted by Krebs On Security, the U.S. Postal Service (USPS) fixed a critical security issue that left the phone numbers and email addresses of more than 60 million users exposed to anyone with an account.

The security issue patched by the USPS that resided in an API authentication weakness would also allow potential malicious actors to also alter the account details of other users.

According to KrebsOnSecurity, "The API in question was tied to a Postal Service initiative called “Informed Visibility,” which according to the USPS is designed to let businesses, advertisers and other bulk mail senders “make better business decisions by providing them with access to near real-time tracking data” about mail campaigns and packages."

Despite the severity of the issue found by the anonymous researcher who initially informed KrebsOnSecurity about the vulnerability.

Comments