Flawed API of US Postal Services Exposed 60 Million Users Data

A ruinous security flaw in Application program Interface of US Postal Services exposed personal data of over 60 million usersover the course of 2017 & 2018.
This vulnerability on USPC’s website allowed anyone with an account at usps.com to view personal information & account details of other users. In some cases, this flaw even allowed users to modify the details in the affected accounts. The leaked information included user nameuser IDe-mail addressaccount numberstreet addresses & contact numbers of the users.
An anonymous researcher discovered this problem a year ago & informed US Postal Services, however, USPC failed to pay heed to researcher’s warning at that time.
USPS patched this issue last week when a cyber security investigator, Krebs flagged it.

Insight into the API Defect

The root-cause of the vulnerability is hitched to an authentication weakness in the site’s Application program Interface- an array of tools that defines how different parts of an online application like Web Pages & Database should interact.
The API of US Postal Services involved in issue was tied to a Postal Service Initiative named as “Informed Visibility”. According to US Postal Services, it was designed to let advertisers, Bulk mail sending services & other businesses extend the frontiers of their profession by enabling them the access to near real-time tracking data.
US Postal Services Temp1
Apart from exposing near real-time data about the mail campaigns & packages; the flaw enabled the logged in users access the accounts belonging to others & harvest their personal information. There are positives that compromised API would have let an attacker pull off anything from as many as 60 million USPS customer accounts.
Read More :- Click here

Comments

Post a Comment

Popular posts from this blog

How to Remove Search.newtabtvsearch.com or NewTabTV Redirect?

Image
Search.newtabtvsearch.com is a nasty browser hijacker that hijacks your browser to alter its homepage and new tab functionality. Besides that, it displays constant banners, pop-ups and annoying ads to diminish your overall browsing experience. What is Search.newtabtvsearch.com Redirect? Search.newtabtvsearch.com or Newtab-TV Redirect is a browser hijacker presented in the form of suspicious search engine. This search engine has been developed by Imali Media Ltd. and the company claims that the application let the users watch television, news and their favorite shows on their PC. It will replace the page you see when opening a new tab as given in the image below: Upon installation, Search.newtabtvsearch.com will present its search results to the user through http://search.yahoo.com. Browser extensions like Newtab-TV get installed as a result of software bundling along with free software or applications which the user download off the internet. Threat Summary   ...
Read more

How to Remove Search.search4ppl2.com Redirect from Your PC?

Image
Search.search4ppl2.com is a browser hijacker that will appear like some of the very popular search engines and undertakes modification to your essential browser settings. This browser hijacker comes bundled with the free software and applications that you download off the internet. It will set the home page, new tab and the default search engine of your browser to http://search.search4ppl2.com/ as shown in the image below: What is Search.search4ppl2.com Redirect? Search.search4ppl2.com is a Potentially Unwanted Program (PUP) from the browser hijacker category that overtakes the control of your browser and causes unwanted redirects to third party sites along with altering your search results. This browser hijacker intends to make revenue online by using Yahoo Search for displaying its search results to the user. Threat Summary  Name – Search.search4ppl2.com Redirect  Browsers Affected – Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge  Cat...
Read more

How to get rid of Malicious Turla Trojan?

Image
Guide to Remove Turla Trojan Turla, also known as Snake or Uroboros, is a malicious  Trojan  that has been targeting systems of government and military’s interest since year 2008.  Turla Trojan  is suspected to be originated by hackers from Russia. Turla Trojan Virus  has infected innumerable systems in around 45 countries like Iran, Kazakhstan, USA, Russia and China, with France ranking on the top of the hit list. The targets of  Turla Trojan Virus  include government entities like Ministry of Trade and Commerce, Ministry of Foreign/External affairs, intelligence agencies, embassies and educational firms. The attackers are focused on gathering the information about a country’s economy by deploying phishing e-mails smartly in targeted systems. Threat Behavior: Kaspersky, Symantec and The Laboratory of Cryptography & System Security conducted an analysis in Budapest, Hungary on the working methodology of  Turla Trojan . The analysis r...
Read more