The US Postal Service (USPS) is in the dock after an apparent API vulnerability exposed the account details of 60 million users of its online service.
The issue related to a service known as “Informed Visibility” which USPS offered to businesses, allowing them to access near real-time tracking data on packages. However, along with this data, the related API also allowed anyone logged in to USPS.com to query the account details of other users of the site and even modify some details.
By Phil Muncaster
To read the full article click here.
