data breach
Over 60 million users had their data exposed by the USPS
At this point, who hasn’t had their data breached?
Another day, another data breach, this time from the US Postal Service. The USPS Informed Delivery service sounds like a great idea, emailing you scans of your mail before it gets to your home. No more missing checks or lost credit cards or other important pieces of mail. At least, in theory.
A broken API in the service exposed over 60 million users to risk, also allowing a security researcher to pull millions of rows of data by sending wildcard requests to the server. The security hole has finally been patched, after repeated requests to the USPS.
More about the data breach
The anonymous researcher showed that the API accepted wildcards for many types of searches, allowing any user to see any other user’s information on the site. Noted security researcher Brian Krebs was told by USPS that they had investigated the hack and that:
Computer networks are constantly under attack from criminals who try to exploit vulnerabilities to illegally obtain information. Similar to other companies, the Postal Service’s Information Security program and the Inspection Service uses industry best practices to constantly monitor our network for suspicious activity.
In addition, USPS has launched an investigation to find out if its systems were accessed inappropriately, and if so, pursue those to the fullest extent of the law.
Other ways identity thieves are abusing the service
Krebs also reported on identity thieves abusing the service to see what mail is arriving on which days, allowing them to swipe important documents at will.
We’ll have to wait and see what other issues arrive from this powerful tool, but that doesn’t mean you shouldn’t sign up for it. Scammers have been signing up households in order to apply for credit in their names.
What do you think? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.
Editors’ Recommendations:
- Firefox Monitor will now tell you if the website you’re on has suffered a data breach
- Google kept a massive data breach under wraps and now it’s all coming to light
- IoT security is a nightmare, here’s what you need to know
Follow us on Flipboard, Google News, or Apple News
Buying Guide
The best Steam Deck accessories (2023)
Buying Guide
Here are the best STEM toys on the market today
Deals of the Day
- Get a $50 Best Buy gift card with the purchase of a new unlocked Google Pixel 7a and save $50 with qualified activation
- Save up to 75% on select doorbusters
- Enjoy up to 45% off your home cyber security products at Kaspersky.com
- Save $620 on the Roomba s9+ Robot Vacuum, Braava m6 Robot Mop, & H1 Handheld Vacuum
- Save $230: LG NanoCell 75 Series 43" Alexa Built-in 4k Smart TV
- Save $260: 2021 Microsoft Xbox Series S 512GB Game All-Digital Console (Refurbished)
