Posts

Showing posts with the label USPC

Flawed API of US Postal Services Exposed 60 Million Users' Data

A ruinous security flaw in the application programming interface (API) of US Postal Services exposed the personal data of over 60 million users over the course of 2017 & 2018. This vulnerability on the USPS website allowed anyone with an account at usps.com to view the personal information & account details of other users. In some cases, the flaw even allowed users to modify the details of the affected accounts. The leaked information included the user name, user ID, e-mail address, account number, street addresses & contact numbers of the users. An anonymous researcher discovered this problem a year ago & informed US Postal Services; however, USPS failed to pay heed to the researcher's warning at that time. USPS patched the issue last week when a cybersecurity investigator, Krebs, flagged it.

Insight into the API Defect

The root cause of the vulnerability is tied to an authentication weakness in the site’s Applicati...