USPS Security Flaw Exposes Personal Data of 60 Million People

USPS Security Flaw Exposes Personal Data of 60 Million People

A security hole in a mail preview program may have made the data of 60 million customers vulnerable.

  • By Sydny Shepard
  • Nov 28, 2018

A security hole in a mail preview program from the U.S. Postal Service could have exposed the data of more than 60 million customers, giving third parties access to information including when critical documents and checks are scheduled to arrive in people's mailboxes.

An anonymous researchers discovered the weakness in the "Informed Visibility" service, noting that a web component called an API pretty much allowed anyone with a USPS account to view details of other users and, in some cases, to modify those people's account details.

The USPS says it has patched the security hole, but seemingly only did so after a security expert got into contact with them about it. The anonymous researcher who originally pointed to the issue claims to have alerted postal authorities about the issue more than a year ago.

The security flaw also lets any user find the account details of other users, including email address, user ID, phone number and more. The postal service says it has no information that any customer records were accessed. 

Officials also say they are investigating further "out of an abundance of caution."

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • Creating Value for Security Integrators

    In recent years, we have seen an influx of security systems integrators getting on the recurring monthly revenue (RMR) bandwagon post-pandemic. During this time, the security industry has experienced a high demand for as-a-service offerings, not only from customers, but on the integration side. Read Now

  • Into the Breach: Why Employees Remain the Achilles Heel

    The past half decade has seen culture and flexibility springboard to the top of employees’ priority lists. As a recent survey conducted by job site Monster shows, 26% of U.S. workers would alarmingly rather get a root canal than work in the office five days a week, while 38% stated that they would consider quitting their jobs if they were told that they had to work in the office just one day a week. Read Now

  • Report: Cargo Theft Soars 49 Percent in First Half of 2024

    Freight hubs and major cities across North America are witnessing an alarming surge in cargo theft, with incidents skyrocketing by 49% in the first half of 2024 compared to the same period last year, Overhaul's United States & Canada H1 2024 Cargo Theft Report. Read Now

  • Manufacturing is Top Targeted Industry for Cybercrime So Far in 2024

    Critical Start, a provider of in Managed Detection and Response (MDR) cybersecurity solutions and a pioneer in Managed Cyber Risk Reduction (MCRR), recently released its biannual Cyber Threat Intelligence Report, featuring the top threats observed in the first half of 2024, and emerging cybersecurity trends impacting the manufacturing, healthcare, technology, professional services, engineering, and construction industries. The report also includes actionable insights to help organizations strengthen their security posture and proactively mitigate potential cyber risk. Read Now

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3