Post Office flaw exposed 60 million users

The United States Postal Service is finally fixing an error that exposed the data of 60 million users of their website. According to the security experts at Krebs on Security, USPS was informed of the flaw over a year ago.

A flaw in the websites API meant that anyone who happened to have an account on the USPS site could (if they had a bit of computer knowledge on how to query the system) look up the address, phone number, username, and other data of anyone else who has an account.

For example, someone who has your email address might be able to find your home address or phone number. Crooks might be able to access the mailing lists of large companies and use those address to target customers with scam letters, emails, or calls relating to their accounts and that the issue had been fixed.

According to the Post Office, they have no evidence that criminals were able to use this flaw to target consumers.

As always, be very careful with any correspondence either via the Post Office or email that claims to relate to an account.

You can learn more about the security flaw at Krebs on Security.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.