USPS fixes online flaw that exposed the data of 60 million customers

By Trevor Mogg November 25, 2018

The United States Postal Service (USPS) has patched a security flaw that allowed anyone with an account at usps.com to view the account details of any of the 60 million people signed up to the service. In some cases, the flaw even allowed for changes to be made to those accounts.

In a post on his website, security specialist Brian Krebs said that he was recently contacted by a researcher who said he’d told the USPS about the flaw last year. After receiving no response, the researcher contacted Krebs, who took up the issue with the USPS. The Postal Service says it has now patched the bug.

Recommended Videos

Asked why it apparently took a year to deal with the issue, a USPS spokesperson told Digital Trends that it “has not been able to substantiate the claim … that the researcher reached out to us a year ago.”

Krebs said the bug concerned an authentication vulnerability in the usps.com API linked to a USPS service called “Informed Visibility,” which provides businesses, advertisers, and other bulk mail senders with access to near real-time tracking data connected with their mail campaigns and packages.

As well as exposing near real-time data about packages and mail being sent by USPS commercial customers, Krebs explained that the vulnerability let any logged-in usps.com user search the system for account details belonging to any other user, “such as email address, username, user ID, account number, street address, phone number, authorized users, mailing campaign data, and other information.”

Changes could also be made to that data, though Krebs noted that for some data fields, a validation step — such as a confirmation message sent to the email address linked to the account — prevented the alteration from taking place.

Highlighting the seriousness of the flaw, security researcher Krebs said that “no special hacking tools were needed to pull this data, other than knowledge of how to view and modify data elements processed by a regular web browser like Chrome or Firefox.” Those with the know-how would have been able to access information about who lived inside a particular premises by performing a regular search on its street address.

In a statement to Digital Trends, the Postal Service said: “Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously. Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law.”

The USPS added that at the current time there is no evidence to suggest that customer records have been exploited in any way.

Topics

Contributing Editor

Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…

Computing

How to change margins in Google Docs

Laptop Working from Home

When you create a document in Google Docs, you may need to adjust the space between the edge of the page and the content --- the margins. For instance, many professors have requirements for the margin sizes you must use for college papers.

You can easily change the left, right, top, and bottom margins in Google Docs and have a few different ways to do it.

Computing

What is Microsoft Teams? How to use the collaboration app

A close-up of someone using Microsoft Teams on a laptop for a videoconference.

Online team collaboration is the new norm as companies spread their workforce across the globe. Gone are the days of primarily relying on group emails, as teams can now work together in real time using an instant chat-style interface, no matter where they are.

Using Microsoft Teams affords video conferencing, real-time discussions, document sharing and editing, and more for companies and corporations. It's one of many collaboration tools designed to bring company workers together in an online space. It’s not designed for communicating with family and friends, but for colleagues and clients.

Computing

Microsoft Word vs. Google Docs

A person using a laptop that displays various Microsoft Office apps.

For the last few decades, Microsoft Word has been the de facto standard for word processors across the working world. That's finally starting to shift, and it looks like one of Google's productivity apps is the heir apparent. The company's Google Docs solution (or to be specific, the integrated word processor) is cross-platform and interoperable, automatically syncs, is easily shareable, and perhaps best of all, is free.

However, using Google Docs proves it still has a long way to go before it can match all of Word's features -- Microsoft has been developing its word processor for over 30 years, after all, and millions still use Microsoft Word. Will Google Docs' low barrier to entry and cross-platform functionality win out? Let's break down each word processor in terms of features and capabilities to help you determine which is best for your needs.
How does each word processing program compare?
To put it lightly, Microsoft Word has an incredible advantage over Google Docs in terms of raw technical capability. From relatively humble beginnings in the 1980s, Microsoft has added new tools and options in each successive version. Most of the essential editing tools are available in Google Docs, but users who are used to Word will find it limited.