fbpx

Postal Service Hand Delivers User Data to Hackers

3 minute read
Share this:
By TJ Lundeen
Sales & Marketing Specialist

On Nov. 21, the United States Postal Service fixed a security hole that allowed for up to 60 million users’ data to be exposed via a breach.

The hole, which USPS had been alerted to a year prior, was fixed after a probe by cyber security website KrebsOnSecurity reached out to the government agency upon receiving a tip from a confidential researcher. The source gave the same information to USPS, but never received a response.

The breach came about from an authentication weakness in the “Informed Visibility” tool used by USPS customers to preview and track important mail such as documents and checks. The authentication flaw allowed any logged-in usps.com user to find and edit account information for accounts belonging to any users. Such information included email addresses, username, account number, address, phone number, and authorized users. With the lack of access control in the system, up to 60 million users had personal information available at the request of any other user.

To access the data on any user, anyone logged-in to the system simply needed to alter search parameters to include all results, which then returned information for viewing and editing of any account in the system.

Preventing cyber security attacks and breaches requires a level of knowledge about the ways a cyber criminal may try to attack your data. With Archetype SC’s Security Risk & Vulnerability Assessment, or SRVA, your business will receive a comprehensive report on the vulnerabilities in your network – and a plan to remediate those issues before they become a key access point for a data breach to begin.

Contact Archetype SC today to set up a SRVA scan at your office.

Take control of your security today!

Work with the cybersecurity experts at Archetype SC specializes in helping businesses understand and manage the risks associated with modern technology. Help lock down your most precious assets today with our Security Risk & Vulnerability Assessment (SRVA), which provides a detailed look at vulnerabilities in your system. Contact us today for a free consultation.

cross
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram