× Business
TelecomHealthcareDigital MarketingERPRetailMedia and EntertainmentOil and GasFood and BeveragesMarketing and AdvertisingBanking and InsuranceMetals and MiningLegalComplianceCryptocurrency
Technology
Big DataCloudIT ServiceSoftwareMobileSecurityNetworkingStorageCyber SecuritySAPData AnalysisloTBio TechQuality AssuranceEducationE-commerceGaming and VFXArtificial Intelligencescience-and-technology
Platform
Cisco DATABASE Google IBM Juniper Microsoft M2M Oracle Red hat Saas SYMANTEC
Leadership
CEO ReviewCMO ReviewCFO ReviewCompany Review
Magazines
US ASIA ARCHIVE
Startups Opinion Yearbook Readers Speak Contact Us

US Postal Service Exposed60 Million Users’ Data

siliconreview US Postal Service Exposed60 Million Users’ Data

Data breaches don’t seem to end at all. Another day, another breach!

Recently, the United States Postal Service (USPS) has fixed a critical bug on its official website. The bug was so serious that anyone with a USPS account could see details of some 60 million other users and in some cases, they could even modify the account details.

USPS is an independent agency of the American federal govt. and it is responsible for providing postal service in the nation. Also, it is one of those few govt. agencies that are authorized by the US Constitution.

According to KrebsOnSecurity, a security researcher (who remains anonymous) has already reported about the vulnerability more than a year ago, but he didn’t get any response from USPS. But, last week the researcher reached out to KrebsOnSecurity and it contacted the USPS to address the issue.

Talking about the vulnerability, it was linked with the website’s an authentication weakness in an API. The API was programmed in such a way that accepts any number of "wildcard" search parameters. Therefore, anyone could log in to usps.com to query the system for account details belonging to other users.

Fortunately, the USPS has patched this serious vulnerability and has added a validation step to prevent unauthorized changes. 

YOU MIGHT ALSO LIKE::

ENROLL FOR UPCOMING ISSUE