US Postal Service exposes the data of 60 Million of its users

This article was written by PYMNTS on Nov. 23, 2018. The original article can be found here.


A flaw on the website of the U.S. Postal Service (USPS) reportedly exposed account data for an estimated 60 million users, KrebsOnSecurity reported recently.

An anonymous researcher warned the publication of the security flaw on the USPS website. Anyone with an account on USPS.com could gain access to the user data of about 60 million people and, reports said, could in some cases modify that data.

Perhaps more troubling is that the researcher allegedly warned USPS about the security issue a year ago but did not receive a response.

The security flaw stems from USPS’ Application Program Interface (API) — basically, a set of tools defining how various parts of an online application such as databases and Web pages should interact with one another. The API in question was tied to a Postal Service initiative called “Informed Visibility” that allows businesses and bulk mail senders to “make better business decisions by providing them with access to near real-time tracking data” regarding their mail campaigns. The API enabled senders to gain visibility into the progress of a package, but the security flaw reportedly exposed the data of commercial clients.


Further, KrebsOnSecurity said, anyone with a USPS online account could access user data including email addresses, user IDs, usernames, account numbers, street addresses, phone numbers and other information. The researcher found that the API accepted so-called “wildcard” search parameters, allowing users to search for all data without having to provide specific search terms.

“No special hacking tools were needed to pull this data,” KrebsOnSecurity noted, “other than knowledge of how to view and modify data elements processed by a regular web browser like Chrome or Firefox.”

“This is not even Information Security 101, this is Information Security 1, which is to implement access control,” said Nicholas Weaver, an International Computer Science Institute researcher and University of California Berkeley speaker, in an interview with the publication. “It seems like the only access control they had in place was that you were logged in at all. And if you can access other peoples’ data because they aren’t enforcing access controls on reading that data, it’s catastrophically bad and I’m willing to bet they’re not enforcing controls on writing to that data as well.”
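
A minimal sketch of the access-control gap described above, added here as an illustration and not taken from the USPS API or the original article: a search handler whose only check is a logged-in session, beside one that rejects wildcard terms and scopes reads and writes to the caller's own records. The record fields, function names and sample data are constructed assumptions.

```python
import fnmatch

# Constructed sample records; field names are assumptions, not the USPS schema.
ACCOUNTS = [
    {"account_id": "A100", "owner": "alice", "email": "alice@example.com"},
    {"account_id": "A200", "owner": "bob", "email": "bob@example.com"},
    {"account_id": "A201", "owner": "bob", "email": "bob.mail@example.com"},
]
SEARCHABLE = {"account_id", "email"}   # hypothetical allow-list of query fields
WILDCARD_CHARS = set("*?[]%")


class Forbidden(Exception):
    pass


class BadQuery(Exception):
    pass


def search_login_only(session_user, field, term):
    """The gap: being logged in is the only check, and '*' matches every record."""
    if session_user is None:
        raise Forbidden("login required")
    return [r for r in ACCOUNTS if fnmatch.fnmatchcase(r[field], term)]


def search_scoped(session_user, field, term):
    """Hardened read: validate the query, then return only the caller's records."""
    if session_user is None:
        raise Forbidden("login required")
    if field not in SEARCHABLE:
        raise BadQuery("field not searchable")
    if not term or WILDCARD_CHARS & set(term):
        raise BadQuery("wildcard or empty search term rejected")
    return [r for r in ACCOUNTS
            if r["owner"] == session_user and r[field] == term]


def update_email_scoped(session_user, account_id, new_email):
    """Hardened write: same ownership check, same error whether missing or foreign."""
    for r in ACCOUNTS:
        if r["account_id"] == account_id and r["owner"] == session_user:
            r["email"] = new_email
            return r
    raise Forbidden("no such account for this user")
```

The ownership filter is applied on the server for every read and write, so a valid session alone never widens what a caller can see or change.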
