US Postal Service security flaw exposed 60 million users' data

Post office says 'vulnerability ... immediately mitigated'

2012: In the past year, the service cut hours at thousands of post offices. It also merged some of its plants, and twice defaulted on payments totaling $11 billion. The agency reported a loss of $16 billion. (Edward M. Pio Roda/CNN)

JACKSONVILLE, Fla. – The U.S. Postal Service said it has already fixed a security vulnerability that exposed the phone numbers, street addresses and usernames of 60 million people who had accounts at usps.com in 2017 and 2018.

According to ConsumerAffairs.com, Krebs on Security reported that an independent researcher informed USPS of the flaw more than a year ago but received no response. The Postal Service didn’t address the issue until this week after it was contacted by cybersecurity specialist Brian Krebs.

“No special hacking tools were needed to pull this data, other than knowledge of how to view and modify data elements processed by a regular web browser like Chrome or Firefox,” Krebs told ConsumerAffairs.com.

USPS said the security flaw was fixed and it will continue to look into the issue “out of an abundance of caution.” 

The USPS sent News4Jax the following information:

"We currently have no information that this vulnerability was leveraged to exploit customer records. The information shared with the Postal Service allowed us to quickly mitigate this vulnerability.

"Computer networks are constantly under attack from criminals who try to exploit vulnerabilities to illegally obtain information. Similar to other companies, the Postal Service’s Information Security program and the Inspection Service use industry best practices to constantly monitor our network for suspicious activity.

"Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously. Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law."