Just in time for holiday shipping, a security flaw was found in a U.S. Postal Service system that could have exposed the data of millions of customers.
The researcher, alerted a security expert, who reached out to the USPS to find out about the vulnerability that allowed anyone with an account with the USPS to view other users’ details and even be able to modify the other person’s settings, Fortune reported.
Some of the details exposed for the 60 million users were user ID, email address, phone number, account number and street address.
The news of the flaw apparently isn’t new to the USPS. The researcher claims he told officials there of the issue more than a year ago but didn’t get any response, Clark.com reported.
USPS officials said the issue has been corrected, but only after the expert, Brian Krebs, asked employees about it.
Informed Visibility allows users to track mail end-to-end.
Krebs said the vulnerability was due to a “wildcard” search, meaning search results could be return for all records of a data set, not pared down to specific terms. No hacking tools were needed to view the information other than being able to view and change data elements processed by browsers like Chrome or Firefox.
Since being alerted to the issue, the USPS has now introduced a validation step to prevent changes by an unauthorized person, Krebs said.
Click here to read more.