On Nov. 21, the United States Postal Service fixed a security hole that allowed the data of up to 60 million users to be exposed.
The hole, which USPS had been alerted to a year prior, was fixed after cyber security website KrebsOnSecurity looked into it and reached out to the government agency upon receiving a tip from a confidential researcher. The source had given the same information to USPS, but never received a response.
The breach came about from an authentication weakness in the “Informed Visibility” tool used by USPS customers to preview and track important mail such as documents and checks. The authentication flaw allowed any logged-in usps.com user to find and edit account information for accounts belonging to any other user. Such information included email address, username, account number, address, phone number, and authorized users. Because the system lacked access control, up to 60 million users had personal information available at the request of any other user.
To access the data on any user, anyone logged in to the system simply needed to alter search parameters to include all results; the system then returned the information of any account for viewing and editing.
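The access-control gap described above, shown as an added example (not code from USPS or KrebsOnSecurity): a search that trusts the query parameters of any logged-in caller, next to one that checks each record against the session user on both reads and writes. The account records, field names and function names are constructed for illustration, and treating the "authorized users" list as the ownership relation is an assumption.

```python
from fnmatch import fnmatchcase

# Constructed sample records; field names are assumptions, not USPS's schema.
ACCOUNTS = [
    {"account_id": "1001", "username": "alice", "email": "alice@example.com",
     "authorized_users": ["alice"]},
    {"account_id": "1002", "username": "bob", "email": "bob@example.com",
     "authorized_users": ["bob", "alice"]},
    {"account_id": "1003", "username": "carol", "email": "carol@example.com",
     "authorized_users": ["carol"]},
]
SEARCHABLE = {"account_id", "username", "email"}


class Forbidden(Exception):
    """Raised when a caller asks for an object they are not entitled to."""


def search_unscoped(session_user, params):
    """Weak pattern: being logged in is the only check; the query picks the rows."""
    return [a for a in ACCOUNTS
            if all(fnmatchcase(str(a.get(k, "")), v) for k, v in params.items())]


def search_scoped(session_user, params):
    """Corrected pattern: authorization is applied per record, server-side."""
    for key, value in params.items():
        if key not in SEARCHABLE:
            raise ValueError(f"unsupported search field: {key}")
        if any(ch in value for ch in "*?["):
            raise ValueError("wildcards are not accepted in account searches")
    return [a for a in ACCOUNTS
            if session_user in a["authorized_users"]        # object-level check
            and all(str(a[k]) == v for k, v in params.items())]


def update_email(session_user, account_id, new_email):
    """Writes get the same per-object check as reads."""
    for a in ACCOUNTS:
        if a["account_id"] == account_id:
            if session_user not in a["authorized_users"]:
                raise Forbidden(f"{session_user} may not edit account {account_id}")
            a["email"] = new_email
            return a
    raise KeyError(account_id)
```

The scoped search filters on the session identity before any caller-supplied criteria, so an empty or broad query can only ever return the caller's own accounts.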
Preventing cyber security attacks and breaches requires a level of knowledge about the ways a cyber criminal may try to attack your data. With Archetype SC’s Security Risk & Vulnerability Assessment, or SRVA, your business will receive a comprehensive report on the vulnerabilities in your network – and a plan to remediate those issues before they become a key access point for a data breach to begin.
Contact Archetype SC today to set up an SRVA scan at your office.