USPS Security Flaw May Have Exposed Millions of Customers' Data

USPS security flaw: Millions may have had personal information exposed by Informed Visibility system

Just in time for holiday shipping, a security flaw was found in a U.S. Postal Service system that could have exposed the data of millions of customers.

A researcher, whose name was not released, said that he found a hole in the USPS’ “Informed Visibility” system, Fortune reported.

The researcher, alerted a security expert, who reached out to the USPS to find out about the vulnerability that allowed anyone with an account with the USPS to view other users’ details and even be able to modify the other person’s settings, Fortune reported.

>> Read more trending news 

Some of the details exposed for the 60 million users were user ID, email address, phone number, account number and street address.

The news of the flaw apparently isn’t new to the USPS. The researcher claims he told officials there of the issue more than a year ago but didn’t get any response, reported.

USPS officials said the issue has been corrected, but only after the expert, Brian Krebs, asked employees about it.

Informed Visibility allows users to track mail end-to-end. 

Krebs said the vulnerability was due to a “wildcard” search, meaning search results could be return for all records of a data set, not pared down to specific terms. No hacking tools were needed to view the information other than being able to view and change data elements processed by browsers like Chrome or Firefox.

Since being alerted to the issue, the USPS has now introduced a validation step to prevent changes by an unauthorized person, Krebs said

Click here to read more.

Thank you for reading the Dayton Daily News and for supporting local journalism. Subscribers: log in for access to your daily ePaper and premium newsletters.

Thank you for supporting in-depth local journalism with your subscription to the Dayton Daily News. Get more news when you want it with email newsletters just for subscribers. Sign up here.