USPS Security Flaw Exposes Personal Data of 60 Million People -- Security Today

USPS Security Flaw Exposes Personal Data of 60 Million People

A security hole in a mail preview program may have made the data of 60 million customers vulnerable.

By Sydny Shepard
Nov 28, 2018

A security hole in a mail preview program from the U.S. Postal Service could have exposed the data of more than 60 million customers, giving third parties access to information including when critical documents and checks are scheduled to arrive in people's mailboxes.

An anonymous researchers discovered the weakness in the "Informed Visibility" service, noting that a web component called an API pretty much allowed anyone with a USPS account to view details of other users and, in some cases, to modify those people's account details.

The USPS says it has patched the security hole, but seemingly only did so after a security expert got into contact with them about it. The anonymous researcher who originally pointed to the issue claims to have alerted postal authorities about the issue more than a year ago.

The security flaw also lets any user find the account details of other users, including email address, user ID, phone number and more. The postal service says it has no information that any customer records were accessed.

Officials also say they are investigating further "out of an abundance of caution."

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

Live from GSX 2024: Post-Show Recap

Another great edition of GSX is in the books! We’d like to thank our great partners for this years event, NAPCO, LVT, Eagle Eye Networks and Hirsch, for working with us and allowing us to highlight some of the great solutions the companies were showcasing during the crowded show. Read Now
- Industry Events
- GSX
Research: Cybersecurity Success Hinges on Full Organizational Support

Cybersecurity is the top technology priority for the vast majority of organizations, but moving from aspiration to reality requires a top-to-bottom commitment that many companies have yet to make, according to new research released today by CompTIA, the nonprofit association for the technology industry and workforce. Read Now
- Cybersecurity
Live from GSX 2024: Day 3 Recap

And GSX 2024 in Orlando, is officially in the books! I’d like to extend a hearty congratulations and a sincere thank-you to our partners in this year’s Live From program—NAPCO, Eagle Eye Networks, Hirsch, and LVT. Even though the show’s over, keep an eye on our GSX 2024 Live landing page for continued news and developments related to this year’s vast array of exhibitors and products. And if you’d like to learn more about our Live From program, please drop us a line—we’d love to work with you in Las Vegas at ISC West 2025. Read Now
- Industry Events
- GSX
Bringing New Goods to Market

The 2024 version of GSX brought with it a race to outrun incoming hurricane Helene. With it’s eye on Orlando, it seems to have shifted and those security professionals still in Orlando now have a fighting chance to get out town. Read Now
- Industry Events
- GSX

Webinars

Push-to-Talk over Cellular – The NEXT Revolution
Napco Access Pro, Eagle Eye Networks Inc, Occupational Health & Safety, Security Today

The Security and Safety Summit
Salient Systems, Hanwha Vision (formerly Hanwha Techwin), Omnilert, Eagle Eye Networks Inc, HID Global, i-PRO Americas Inc., Arcules, Napco Access Pro

Before And After The School Bell Rings: K-12 Life Safety is 24-7-365

Whitepapers

Securitas Technology

Optimizing Security and Business Performance
American Funding Solutions

Securing Cash Flow: How Invoice Factoring Helps Security Companies Grow
Arcules

Physical security shift happens

New Products

Unified VMS

AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3
Camden CV-7600 High Security Card Readers

Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3
ResponderLink

Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

USPS Security Flaw Exposes Personal Data of 60 Million People

16,000 Registrants from 86 Nations Participate in GSX 2024

Security Industry Association Announces Winners for the 2024 James Rothstein Business Scholarship

PureTech Systems Inc. Awarded Major Command and Control Contract by U.S. Government to Enhance National Security

Local Law Enforcement Heroes Honored at a Challenge Coin Ceremony Hosted by 3Si at GSX 2024

IDIS Americas Releases AI-Powered, License-Free VMS

Biden Administration Proposes Ban on Chinese Vehicles and Russian Tech for Autonomous Vehicles on U.S. Roads

Security Industry Association Announces New Advisory Board for SIA Veterans in Security Community