U.S. Postal Service exposes data from millions of users

The US Postal Service (USPS) has fixed a vulnerability in its website API, which allowed any registered user to access the personal data and requests of all existing users on the platform, a total of 60 million accounts.

An anonymous researcher discovered and reported the problem in early October 2018 to Brian Krebs, author of the blog Krebs on Security, after he had tried to contact the mail service a year earlier without getting a response.

The mail company issued a statement confirming that they were able to mitigate the vulnerability thanks to information shared by Krebs investigation. In addition, it indicated that it had no information that the vulnerability had been used to exploit its customers' records.