USPS would have corrected a website bug exposing data from 60 million users



[ad_1]

USPS

USPS would have fixed a bug on its website just in time for the holidays.

Getty Images

Just in time for the holiday shopping season, it appears that the US Postal Service has corrected a security breach that allowed all USPS.com account holders, approximately 60 million people, to see the personal data of other users. .

On Wednesday, Brian Krebs, a cybersecurity expert, wrote about the virus, indicating that he had been contacted last week by a researcher who had asked to remain anonymous. The researcher reportedly informed the USPS of his findings more than a year ago, but never received a response, Krebs said. Krebs then confirmed the findings of the researcher and contacted the USPS, "who quickly solved the problem."

Representatives of USPS did not immediately respond to a request for confirmation and comment on Thanksgiving Day.

Krebs said the flaw came from a weak authentication in an application program interface, or API, linked to its Informed Visibility program, which allows users to receive an analysis of all the incoming messages before delivery to their address. This program has been the subject of a notice from the Krebs secret service, identified earlier this month. warning that criminals could use the program to target fraudulent people by credit card.

The latest bug left USPS.com users logged in "query the system to get account details belonging to any other user", including email addresses, usernames, usernames, address, phone numbers etc.

[ad_2]
Source link