The US Postal Service says it’s fixed a security weakness on usps.com that let anyone see the personal account info of its users, including usernames and street addresses. The vulnerability was reportedly identified over a year ago by an independent researcher, but USPS did not patch it until this week, when Krebs on Security flagged the issue.
The vulnerability affected all 60 million user accounts on the website. It was caused by an authentication weakness in the site’s application programming interface (API) that allowed anyone to access a USPS database offered to businesses and advertisers to track user data and packages. The API should have verified whether an account had permissions to read user data but USPS didn’t have such...
from The Verge - All Posts https://ift.tt/2R4vSml