https://www.siliconrepublic.com/enterpr ... ata-breach
It was a busy week in the world of infosec, with a major breach at the US Postal Service exposing data of 60m users.
In the build-up to the retail extravaganza that is Black Friday and Cyber Monday, the world’s biggest retailer at first denied it was hit by a major data breach, despite customers receiving emails stating as much.
The email, sent to a large number of Amazon account holders, claimed that the issue was fixed and that it was not the result of any customer’s actions. However, the e-commerce giant eventually admitted to TechCrunch it was on the receiving end of a breach, and that the names and email addresses of those exposed were obtained by hackers.
Broken USPS API exposes 60m users
A number of US Postal Service (USPS) users – equivalent to almost a fifth of the US population – found themselves on the receiving end of a substantial data breach.
According to KrebsOnSecurity, a broken API within USPS’s mail tracker service called Informed Delivery allowed any user to see another user’s details. Brian Krebs appeared to confirm this with a copy of the API on his own site.
In a statement to KrebsOnSecurity, USPS said: “Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law.”
Krebs claimed that identity thieves are using this information to see what packages are being sent to users’ homes on what days, in order to exploit them.