AcrossTheAtlantic/Wikimedia Commons (CC-BY-SA)
The United States Postal Service (USPS) has reportedly fixed a security flaw that exposed data on 60 million of its online users.
According to cybersecurity expert Brian Krebs, the issue was first discovered by a security researcher more than a year ago and allowed any USPS.com account holder to view other users’ private data.
The security researcher, who asked to remain anonymous, was reportedly ignored by the USPS at the time despite revealing that user data—including account numbers, email addresses, street addresses, and phone numbers—were at risk.
“The problem stemmed from an authentication weakness in a USPS Web component known as an ‘application program interface,’ or API—basically, a set of tools defining how various parts of an online application such as databases and Web pages should interact with one another,” Krebs wrote.
After being alerted to the issue by Krebs, who was contacted by the security researcher last week, USPS promptly patched the vulnerability.
Despite recently carrying out a security audit of its systems, USPS failed to locate the problem itself.
Speaking with Krebs, Nicholas Weaver, a researcher at the International Computer Science Institute and lecturer at UC Berkeley, described the issue as catastrophic.
“This is not even Information Security 101, this is Information Security 1, which is to implement access control,” Weaver said. “It seems like the only access control they had in place was that you were logged in at all. And if you can access other peoples’ data because they aren’t enforcing access controls on reading that data, it’s catastrophically bad and I’m willing to bet they’re not enforcing controls on writing to that data as well.”
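The gap Weaver describes, a read path that checks only that the caller is logged in, is shown here beside an owner-checked version, with a small audit a defender can run as a regression test. This is an added example, not code from the article or from USPS; the record store, account ids and function names are hypothetical.

```python
# Added illustration: hypothetical names and constructed data, not the USPS API.
from dataclasses import dataclass


class Forbidden(Exception):
    """Caller is not allowed to perform this read."""


@dataclass(frozen=True)
class Session:
    account_id: str             # identity established at login
    authenticated: bool = True


# Constructed sample records standing in for account data.
ACCOUNTS = {
    "1001": {"email": "alice@example.com", "phone": "555-0100"},
    "1002": {"email": "bob@example.com", "phone": "555-0101"},
}


def get_account_login_only(session, requested_id):
    """Weak pattern: only checks that *someone* is logged in."""
    if not session.authenticated:
        raise Forbidden("login required")
    return ACCOUNTS[requested_id]   # any logged-in user reads any record


def get_account_owner_checked(session, requested_id):
    """Corrected pattern: object-level authorization on every read."""
    if not session.authenticated:
        raise Forbidden("login required")
    if requested_id != session.account_id:
        raise Forbidden("not the owner of this record")
    return ACCOUNTS[requested_id]


def audit_cross_account_reads(handler):
    """Return every (caller, target) pair where a caller can read another account."""
    leaks = []
    for caller in ACCOUNTS:
        for target in ACCOUNTS:
            if caller == target:
                continue
            try:
                handler(Session(caller), target)
                leaks.append((caller, target))
            except Forbidden:
                pass
    return leaks
```

An empty result from `audit_cross_account_reads` is the property to enforce in CI for every handler that takes an object id from the request; the same ownership check belongs on write paths.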
Mikael Thalen is a freelance journalist based in Seattle, covering all things technology, including social media, data breaches, hackers, and more.