Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Windscribe
Login or Register to Hide ads and Accessing all features on the forum
Thread Rating:
  • 2 Vote(s) - 3 Average
  • 1
  • 2
  • 3
  • 4
  • 5
News US Postal Service Left 60 Million Users Data Exposed For Over a Year
#1
[Image: images?q=tbn:ANd9GcRzYHYj290IUlHjNi4noaW...WSoiQuPPgQ]


    USPS, or the United States Postal Service, recently patched a vulnerability that exposed sensitive information belonging to 60 million users. 

  The vulnerability itself was tied to a weakness in the application programming interface. [API] The API was tied to the "Informed Visibility" program that allows users to track their packages in real time. According to the cyber security researcher [identity as of yet is unknown] the faulty API was programmed to accept any [wildcard] search parameters, this could have allowed anyone logged in to query the system and retrieve the account information of any other user.


   What's more is the reaction from USPS regarding the matter. The researcher reportedly found and reported the vulnerability to USPS, who then ignored it and left the hole open to anyone who wanted to appropriate the information. This was until last week, a journalist by the name of Brian Krebs, contacted USPS on behalf of the researcher. 


    USPS had this to say: 


    "We currently have no information that this vulnerability was leveraged to exploit customer records."


"Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law."



     That was the news, have a good week, and stay safe out there. 


     ----Mad-Architect
01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011
Reply
#2
Well, That is shitty.
Who is responsible now?
Rs
* Thankful to Allah *
Kurdy
Reply
#3
USPS is responsible, they just don't seem to want to take it at face value
01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
Star News Data Breaches Exposes Vets, COVID-19 Patients News 0 97 09-16-2020, 02:03 AM
Last Post: News
Brick News Website Security Breach Exposes 1 Million DNA Profiles Mr.Kurd 0 195 07-25-2020, 10:25 PM
Last Post: Mr.Kurd
Thumbs Up News Citrix Bugs Allow Unauthenticated Code Injection, Data Theft Mr.Kurd 1 343 07-15-2020, 12:28 AM
Last Post: EthelCrife
Heart News Zoom Offers Custom Data Routing To Paid Users Mr.Kurd 0 698 04-16-2020, 06:47 AM
Last Post: Mr.Kurd
Star News Zoom will soon let some users choose which countries their data is routed through Mr.Kurd 0 420 04-14-2020, 09:07 AM
Last Post: Mr.Kurd
Smile News Critical Vulnerability In Bisq Crypto Exchange Exploited For Some Users Mr.Kurd 0 361 04-10-2020, 02:46 PM
Last Post: Mr.Kurd
Star News Microsoft Edge Now Alerts Users Of Breached Passwords Mr.Kurd 0 406 04-03-2020, 08:09 AM
Last Post: Mr.Kurd
Smile News Zoom Conferencing App Exposes Users Email IDs And Photos To Other Users Mr.Kurd 0 414 04-03-2020, 07:58 AM
Last Post: Mr.Kurd
Rainbow News Tekya Clicker Malware Hides in 56 Apps that Downloaded 1 Million Times on GooglePlay Mr.Kurd 0 343 03-27-2020, 11:47 AM
Last Post: Mr.Kurd
Rainbow News Microsoft Alerts Users Of Zero-Day RCE Vulnerability In Windows 7 Under Active Exploi Mr.Kurd 0 410 03-26-2020, 09:03 AM
Last Post: Mr.Kurd



Users browsing this thread: 1 Guest(s)