The United States Postal Service has patched an online security flaw that allowed anyone with an account at usps.com to view the account details of any of the 60 million people signed up to the service. In some cases, the flaw even allowed for changes to be made to information held by the accounts.
The United States Postal Service (USPS) has patched a security flaw that allowed anyone with an account at usps.com to view the account details of any of the 60 million people signed up to the service. In some cases, the flaw even allowed for changes to be made to those accounts.
In a post on his website, security specialist Brian Krebs said that he was recently contacted by a researcher who said he’d told the USPS about the flaw last year. After receiving no response, the researcher contacted Krebs, who took up the issue with the USPS. The Postal Service says it has now patched the bug.
Asked why it apparently took a year to deal with the issue, a USPS spokesperson told Digital Trends that it “has not been able to substantiate the claim… that the researcher reached out to us a year ago.
