USPS Vulnerability May Have Exposed Millions of Users

Dec 12, 2018 | Blog

Do you have an account on USPS.com?  If so, you’re not alone.  Tens of millions of Americans use it daily for a variety of purposes.  Unfortunately, if you do have an account, it may have been compromised.

Recently, the USPS announced the discovery of a critical security vulnerability that exposed the account information of more than sixty million customers to literally anyone with a USPS.com account.

The flaw was discovered by a researcher who has chosen to remain anonymous. It essentially worked like this:

Any user logged into USPS.com could run a search using any number of wildcard search parameters.  As a result, any user could look up and retrieve the account details of literally any other user on the system.  Nearly any detail could be collected in this manner, including:

  • User name
  • Email address
  • Mailing address
  • Phone number
  • Authorized users
  • And more

Worst of all, the process of obtaining all the data could easily be automated and simply left to run and collect.
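The gap described above is the difference between checking that a caller is logged in and checking that the caller is entitled to each record returned. The sketch below is an added example, not USPS code: the records, field names and function names are hypothetical, and it puts a login-only wildcard search next to one that rejects wildcards and applies a per-record ownership check.

```python
from fnmatch import fnmatchcase

# Constructed sample records; field names are hypothetical.
ACCOUNTS = [
    {"id": 1, "username": "alice", "email": "alice@example.com",
     "phone": "555-0100", "authorized_users": ["bob"]},
    {"id": 2, "username": "bob", "email": "bob@example.com",
     "phone": "555-0101", "authorized_users": []},
    {"id": 3, "username": "carol", "email": "carol@example.com",
     "phone": "555-0102", "authorized_users": []},
]
SEARCHABLE = {"username", "email", "phone"}
WILDCARDS = set("*?[]")


def search_flawed(caller, filters):
    """Checks only that the caller is logged in, then matches every account."""
    if caller is None:
        raise PermissionError("login required")
    return [a for a in ACCOUNTS
            if all(fnmatchcase(str(a.get(k, "")), v) for k, v in filters.items())]


def may_read(caller, account):
    """Object-level check: the caller owns the record or is listed on it."""
    return account["username"] == caller or caller in account["authorized_users"]


def search_hardened(caller, filters):
    """Exact-match search, limited to records the caller is entitled to read."""
    if caller is None:
        raise PermissionError("login required")
    if not filters:
        raise ValueError("at least one filter is required")
    for field, value in filters.items():
        if field not in SEARCHABLE:
            raise ValueError(f"unsupported filter: {field}")
        if not value or WILDCARDS & set(value):
            raise ValueError(f"wildcards not allowed in {field}")
    return [a for a in ACCOUNTS
            if may_read(caller, a)
            and all(a[k] == v for k, v in filters.items())]
```

With the flawed version, one logged-in account sees every record from a single wildcard query; the hardened version returns only the caller's own record or records that list the caller as an authorized user.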

Setu Kulkarni, the VP of Strategy and Business Development at WhiteHat Security, had this to say about the flaw:

“APIs are turning out to be a double-edged sword when it comes to internet scale B2B connectivity and security.  APIs, when insecure, break down the very premise of uber connectivity they have helped establish.

To avoid similar flaws, government agencies and companies must be proactive, not just reactive, in regard to application security.  Every business that handles consumer data needs to make security a consistent, top-of-mind concern with an obligation to perform the strictest security tests against vulnerable avenues:  APIs, network connections, mobile apps, websites, and databases.  Organizations that rely on digital platforms need to educate and empower developers to code using security best practices through the entire software lifecycle, with proper security training and certifications.”

The worst part about this incident was the fact that the unnamed security researcher reported the issue to the post office over a year ago.  It took that long for the agency to finally take action, and when they did, they were able to solve the problem in less than 48 hours.

While it’s unknown if anyone took advantage of the flaw, there’s no sense taking chances.  Assume the worst and act accordingly.
