Over 60 million users had their data exposed by the USPS
At this point, who hasn’t had their data breached?
Another day, another data breach, this time from the US Postal Service. The USPS Informed Delivery service sounds like a great idea, emailing you scans of your mail before it gets to your home. No more missing checks or lost credit cards or other important pieces of mail. At least, in theory.
A broken API in the service exposed over 60 million users to risk and allowed a security researcher to pull millions of rows of data by sending wildcard requests to the server. The security hole has finally been patched, after repeated requests to the USPS.
More about the data breach
The anonymous researcher showed that the API accepted wildcards for many types of searches, allowing any user to see any other user’s information on the site. Noted security researcher Brian Krebs was told by USPS that they had investigated the hack and that:
“Computer networks are constantly under attack from criminals who try to exploit vulnerabilities to illegally obtain information. Similar to other companies, the Postal Service’s Information Security program and the Inspection Service uses industry best practices to constantly monitor our network for suspicious activity.”
In addition, USPS has launched an investigation to find out if its systems were accessed inappropriately and, if so, to pursue those responsible to the fullest extent of the law.
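The flaw the researcher described, wildcard search terms combined with no check that the caller owns the records returned, can be shown in miniature next to a hardened version. This is an added example, not USPS code or anything published by the researcher; the records, field names and function names are hypothetical and constructed for illustration.

```python
import fnmatch

# Constructed sample records; field names are hypothetical, not the USPS schema.
ACCOUNTS = [
    {"user_id": 1, "email": "alice@example.com", "city": "Austin"},
    {"user_id": 2, "email": "bob@example.com", "city": "Boston"},
    {"user_id": 3, "email": "carol@example.org", "city": "Austin"},
]
SEARCHABLE_FIELDS = {"email", "city"}   # allow-list of fields a caller may filter on
WILDCARD_CHARS = set("*?%")             # pattern characters rejected outright


class SearchRejected(Exception):
    """Raised when a query fails validation."""


def search_flawed(requester_id, filters):
    """Flawed: patterns are honoured and requester_id is never consulted."""
    return [
        row for row in ACCOUNTS
        if all(fnmatch.fnmatchcase(str(row.get(f, "")), p)
               for f, p in filters.items())
    ]


def search_hardened(requester_id, filters):
    """Exact match only, allow-listed fields, results limited to the caller."""
    if not filters:
        raise SearchRejected("at least one filter is required")
    for field, value in filters.items():
        if field not in SEARCHABLE_FIELDS:
            raise SearchRejected(f"field not searchable: {field}")
        if not isinstance(value, str) or WILDCARD_CHARS & set(value):
            raise SearchRejected(f"wildcards not allowed in {field}")
    return [
        row for row in ACCOUNTS
        if row["user_id"] == requester_id              # object-level authorization
        and all(row[f] == v for f, v in filters.items())
    ]
```

Rejecting wildcards alone would not be enough: the ownership check is what stops one logged-in user from reading another user's record by supplying an exact value.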
Other ways identity thieves are abusing the service
Krebs also reported on identity thieves abusing the service to see what mail is arriving on which days, allowing them to swipe important documents at will.
We’ll have to wait and see what other issues arise from this powerful tool, but that doesn’t mean you shouldn’t sign up for it. Scammers have been signing up households in order to apply for credit in their names.