[Grade-school level coding error] The US Postal Service exposed data of 60 million users
https://techcrunch.com/2018/11/26/the-us-postal-service-exposed-data-of-60-million-users/

A broken US Postal Service API exposed data from over 60 million users and allowed a researcher to pull millions of rows of data by sending wildcard requests to the server. The resulting security hole has been patched after repeated requests to the USPS.

The USPS service, called InformedDelivery, allows you to view your mail before it arrives at your home and offered an API to allow users to connect their mail to specialized services like CRMs. We profiled the service in 2017.

The anonymous researcher showed that the service accepted wildcards for many searches, allowing any user to see any other users on the site. Brian Krebs has a copy of the API on his site.

- - -

--Lauren--
Lauren Weinstein (lau...@vortex.com): https://www.vortex.com/lauren
Lauren's Blog: https://lauren.vortex.com
Google Issues Mailing List: https://vortex.com/google-issues
Founder: Network Neutrality Squad: https://www.nnsquad.org
PRIVACY Forum: https://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility: https://www.pfir.org/pfir-info
Member: ACM Committee on Computers and Public Policy
Google+: https://google.com/+LaurenWeinstein
Twitter: https://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800
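The flaw described in the excerpt (searches that accept wildcards and return other users' records) can be shown next to a corrected handler. This is an added example, not part of the original post and not USPS code; the record fields, function names and sample data are all hypothetical and constructed for illustration.

```python
import fnmatch

# Constructed sample records; the schema is an assumption, not the real API's.
ACCOUNTS = [
    {"id": 1, "owner": "alice", "email": "alice@example.com"},
    {"id": 2, "owner": "bob", "email": "bob@example.com"},
    {"id": 3, "owner": "carol", "email": "carol@example.org"},
]
SEARCHABLE_FIELDS = {"id", "email"}   # explicit allow-list of query fields
WILDCARD_CHARS = set("*?%")           # glob and SQL LIKE metacharacters


class SearchRejected(Exception):
    """Raised when a query is refused before touching any data."""


def search_vulnerable(session_user, field, pattern):
    # Flawed: being logged in is the only check. The pattern is treated as
    # a glob and the results are never tied back to the caller.
    return [a for a in ACCOUNTS
            if fnmatch.fnmatchcase(str(a[field]), pattern)]


def search_hardened(session_user, field, value):
    # 1. Only known fields may be queried.
    if field not in SEARCHABLE_FIELDS:
        raise SearchRejected("field not searchable: %r" % field)
    # 2. Refuse wildcard input outright so it can be logged and alerted on.
    if any(c in WILDCARD_CHARS for c in str(value)):
        raise SearchRejected("wildcards are not accepted")
    # 3. Exact match only, scoped to records the caller owns.
    return [a for a in ACCOUNTS
            if a["owner"] == session_user and str(a[field]) == str(value)]


if __name__ == "__main__":
    print(len(search_vulnerable("bob", "email", "*")), "rows leaked")
    print(search_hardened("bob", "email", "bob@example.com"))
    print(search_hardened("bob", "email", "alice@example.com"))
```

The ownership filter in step 3 is what closes the hole; the wildcard rejection in step 2 is a second layer that also gives the operator a clear signal to monitor.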