
US Postal Service Fixes Website Flaw That Exposes Data Of 60 Million Users

The US Postal Service (USPS) fixed a website flaw that allowed any user with an account at usps[.]com to view the account details of 60 million users and to modify some of them. The flaw was caused by an authentication weakness in the website's application programming interface (API) tied to an initiative called 'Informed Visibility', which provides customers with near real-time tracking data. The flaw allowed users to query details of other users, including their usernames, user IDs, email addresses, account numbers, home addresses, phone numbers, mailing campaign data, and so on. It also allowed any user to request account changes for other users.

