USPS Security Flaw Exposes Personal Data of 60 Million People

USPS Security Flaw Exposes Personal Data of 60 Million People

A security hole in a mail preview program may have made the data of 60 million customers vulnerable.

  • By Sydny Shepard
  • Nov 28, 2018

A security hole in a mail preview program from the U.S. Postal Service could have exposed the data of more than 60 million customers, giving third parties access to information including when critical documents and checks are scheduled to arrive in people's mailboxes.

An anonymous researchers discovered the weakness in the "Informed Visibility" service, noting that a web component called an API pretty much allowed anyone with a USPS account to view details of other users and, in some cases, to modify those people's account details.

The USPS says it has patched the security hole, but seemingly only did so after a security expert got into contact with them about it. The anonymous researcher who originally pointed to the issue claims to have alerted postal authorities about the issue more than a year ago.

The security flaw also lets any user find the account details of other users, including email address, user ID, phone number and more. The postal service says it has no information that any customer records were accessed. 

Officials also say they are investigating further "out of an abundance of caution."

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • UL Solutions Launches Artificial Intelligence Safety Certification Services

    UL Solutions Inc., a global leader in safety science, today announced the launch of artificial intelligence (AI) safety certification services, enabling comprehensive assessments for evaluating the safety of AI-powered products. Read Now

  • ESA Announces Initiative to Introduce the SECURE Act in State Legislatures

    The Electronic Security Association (ESA), the national voice for the electronic security and life safety industry, has announced plans to introduce the SECURE Act in state legislatures across the country beginning in 2025. The proposal, known as Safeguarding Election Candidates Using Reasonable Expenditures, provides a clear framework that allows candidates and elected officials to use campaign funds for professional security services. Read Now

    • Guard Services

  • Ransomware Attacks Rise for the First Time in Six Months

    Ransomware attacks have risen for the first time in six months, increasing by 28% month-on-month to 421 attacks. While overall attack volume remained below 500, the uptick may signal a renewed escalation heading into the year’s most active period for cyber criminals. Read Now

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services

  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

Most   Popular

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.