Over 60 million users had their data exposed by the USPS

Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.

Another day, another data breach, this time from the US Postal Service. The USPS Informed Delivery service sounds like a great idea, emailing you scans of your mail before it gets to your home. No more missing checks or lost credit cards or other important pieces of mail. At least, in theory.

A broken API in the service exposed over 60 million users to risk, also allowing a security researcher to pull millions of rows of data by sending wildcard requests to the server. The security hole has finally been patched, after repeated requests to the USPS.

More about the data breach

The anonymous researcher showed that the API accepted wildcards for many types of searches, allowing any user to see any other user’s information on the site. Noted security researcher Brian Krebs was told by USPS that they had investigated the hack and that:

Computer networks are constantly under attack from criminals who try to exploit vulnerabilities to illegally obtain information. Similar to other companies, the Postal Service’s Information Security program and the Inspection Service uses industry best practices to constantly monitor our network for suspicious activity.

In addition, USPS has launched an investigation to find out if its systems were accessed inappropriately, and if so, pursue those to the fullest extent of the law.

Other ways identity thieves are abusing the service

Krebs also reported on identity thieves abusing the service to see what mail is arriving on which days, allowing them to swipe important documents at will.

We’ll have to wait and see what other issues arrive from this powerful tool, but that doesn’t mean you shouldn’t sign up for it. Scammers have been signing up households in order to apply for credit in their names.

What do you think? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

• Firefox Monitor will now tell you if the website you’re on has suffered a data breach
• Google kept a massive data breach under wraps and now it’s all coming to light
• IoT security is a nightmare, here’s what you need to know

Joe Rice-Jones

Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience at KnowTechie, SlashGear and XDA Developers. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere, with particular focus in gadgetry and handheld gaming. Shoot him an email at joe@knowtechie.com.