USPS Security Flaw Exposes Personal Data of 60 Million People -- Security Today

USPS Security Flaw Exposes Personal Data of 60 Million People

A security hole in a mail preview program may have made the data of 60 million customers vulnerable.

By Sydny Shepard
Nov 28, 2018

A security hole in a mail preview program from the U.S. Postal Service could have exposed the data of more than 60 million customers, giving third parties access to information including when critical documents and checks are scheduled to arrive in people's mailboxes.

An anonymous researchers discovered the weakness in the "Informed Visibility" service, noting that a web component called an API pretty much allowed anyone with a USPS account to view details of other users and, in some cases, to modify those people's account details.

The USPS says it has patched the security hole, but seemingly only did so after a security expert got into contact with them about it. The anonymous researcher who originally pointed to the issue claims to have alerted postal authorities about the issue more than a year ago.

The security flaw also lets any user find the account details of other users, including email address, user ID, phone number and more. The postal service says it has no information that any customer records were accessed.

Officials also say they are investigating further "out of an abundance of caution."

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

AI Used as Part of Sophisticated Espionage Campaign

A cybersecurity inflection point has been reached in which AI models has become genuinely useful in cybersecurity operation. But to no surprise, they can used for both good works and ill will. Systemic evaluations show cyber capabilities double in six months, and they have been tracking real-world cyberattacks showing how malicious actors were using AI capabilities. These capabilities were predicted and are expected to evolve, but what stood out for researchers was how quickly they have done so, at scale. Read Now
- Artificial Intelligence
Why the Future of Video Security Is Happening Outside the Cloud

For years, the cloud has captivated the physical security industry. And for good reasons. Remote access, elastic scalability and simplified maintenance reshaped how we think about deploying and managing systems. Read Now
- Video Surveillance
UL Solutions Launches Artificial Intelligence Safety Certification Services

UL Solutions Inc., a global leader in safety science, today announced the launch of artificial intelligence (AI) safety certification services, enabling comprehensive assessments for evaluating the safety of AI-powered products. Read Now
- Artificial Intelligence
ESA Announces Initiative to Introduce the SECURE Act in State Legislatures

The Electronic Security Association (ESA), the national voice for the electronic security and life safety industry, has announced plans to introduce the SECURE Act in state legislatures across the country beginning in 2025. The proposal, known as Safeguarding Election Candidates Using Reasonable Expenditures, provides a clear framework that allows candidates and elected officials to use campaign funds for professional security services. Read Now
- Guard Services
Ransomware Attacks Rise for the First Time in Six Months

Ransomware attacks have risen for the first time in six months, increasing by 28% month-on-month to 421 attacks. While overall attack volume remained below 500, the uptick may signal a renewed escalation heading into the year’s most active period for cyber criminals. Read Now
- Cybersecurity

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Compact IP Video Intercom

Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.
4K Video Decoder

3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.
Luma x20

Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”