Security vulnerability caused million of USPS users data leaked

A long year ago, a researcher found critical security vulnerability in the official website of United States Postal Service. He even informed about it to the USPS but never received a response.

For your information, USPS is a postal agency authorized by the United States Constitution. It is located in North America. It is responsible for postal operations.

Last week, KrebsOnSecurity was contacted by the researcher and got know all about this. It is a big issue for over 60 million users, whose sensitive details got exposed.

Reason for the USPS vulnerability

To understand the reason of USPS vulnerability, firstly know the term API. The ALP or Application Program Interface is set of tools that help an online application such as databases or Websites to interact with each other. This API is tied to a postal Service initiative called “Informed Visibility”

According to USPS, Informed Visibility is designed to let businesses, and other bulk mail senders make better business decision. The vulnerabilities occurred due to weakness in this component, which allow the attacker to perform changes in all users’ accounts.

If an attacker managed to hack any of the users account, they possibly steal various details including usernames, user IDs, email address, account codes, residence addresses, contact numbers etc.

USPS had been ignoring this from long time

As it mentioned, the USPS did know about this problem for over one year. Sadly, they did not take any action to fix it until the researcher who did not want to reveal the identity contacted the postal service and reported about this vulnerability.

Now, the company stated taking care of the problems and ready to take actions against those have managed to misuse exposed details. Paul Bischoff, a privacy advocate has claimed that they do not know if some hacker has misused leaked data. But, since the vulnerability was ignored for over one year so anything has happened during that period.

Computer safety is necessary

You play important role in internet security. You must not register on an account which you would not trust. Any suspicious sites create risk of identity theft and financial issues. Furthermore, you should provide as less personal details as possible.

Moreover, you should create strong passwords that always are a combination of letters, numbers, and symbols. These are very hard to identity. We all know ones cannot control anything on one’s own; however, what is in the hand of one’s is keep everything secure.