USPS Data Breach
The United States Postal Service (USPS) has recently fixed a security vulnerability that exposed the data of over 60 million people, all of whom had accounts with usps.com during 2017 and 2018. The exposed data included details such as phone numbers, addresses, and usernames. Here’s what we know about the USPS data breach.
Krebs on Security reported that an independent researcher had informed USPS about the flaw more than a year ago but received no response. The Postal Service didn’t address the issue until this week after it was contacted by cybersecurity specialist Brian Krebs.
The security vulnerability has now been fixed, and USPS says it will continue to look into the issue “out of an abundance of caution.” The agency has said that it has no reason to believe that any of its users’ account details were accessed by hackers.
The bug stemmed from an authentication weakness in the usps.com API tied to a free USPS program called “Informed Visibility,” which lets users track their mail in “near real-time.” Before the loophole was closed, anyone with a standard usps.com account could view — and in some cases, even modify — the account details of other users.
“No special hacking tools were needed to pull this data, other than knowledge of how to view and modify data elements processed by a regular web browser like Chrome or Firefox,” Krebs said.
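The class of flaw described above, where any logged-in user can read or change another user's record, can be shown in a short added example. This is not USPS code: the account store, session tokens, field names and function names are all hypothetical, and the data is constructed. It contrasts a handler that only checks login with handlers that also check ownership of the requested record.

```python
# Constructed sample data; account ids, fields and function names are hypothetical.
ACCOUNTS = {
    "1001": {"username": "alice", "phone": "555-0100", "address": "1 Elm St"},
    "1002": {"username": "bob", "phone": "555-0101", "address": "2 Oak Ave"},
}
# Session token -> account id the server established at login (constructed).
SESSIONS = {"tok-alice": "1001", "tok-bob": "1002"}
EDITABLE_FIELDS = {"phone", "address"}


class Forbidden(Exception):
    """Caller is logged in but does not own the requested record."""


def _caller(token):
    # Authentication: which account does this session belong to?
    try:
        return SESSIONS[token]
    except KeyError:
        raise PermissionError("not logged in")


def get_account_weak(token, account_id):
    # Flawed pattern: verifies only that the caller is logged in, then
    # trusts whatever account id arrives in the request.
    _caller(token)
    return dict(ACCOUNTS[account_id])


def get_account(token, account_id):
    # Hardened: the requested id must be the session's own account. The
    # check runs before the lookup, so unknown ids are refused the same way.
    if _caller(token) != account_id:
        raise Forbidden(account_id)
    return dict(ACCOUNTS[account_id])


def update_account(token, account_id, changes):
    # Writes get the same ownership check, plus an allow-list of fields.
    if _caller(token) != account_id:
        raise Forbidden(account_id)
    unknown = set(changes) - EDITABLE_FIELDS
    if unknown:
        raise ValueError(f"fields not editable: {sorted(unknown)}")
    ACCOUNTS[account_id].update(changes)
    return dict(ACCOUNTS[account_id])
```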
In a statement, USPS officials stressed that they’re taking the issue seriously.
“Computer networks are constantly under attack from criminals who try to exploit vulnerabilities to illegally obtain information. Similar to other companies, the Postal Service’s Information Security program and the Inspection Service uses industry best practices to constantly monitor our network for suspicious activity,” the agency told Krebs.
“Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously. Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law.”