A glitch in the Post Office's internet tools left users' information accessible to programmers working on apps, independent security journalist Brian Krebs reports.
The big picture: At issue is a tool to integrate apps with the Post Office's network known as an application program interface (API). Per the report, any logged in user could apparently access and in some cases change other users' information.
Details: The API integrates apps with the Post Office's "Informed Visibility" portal, which helps bulk mail senders track and analyze mail.
- The leak exposed users' "email address, username, user ID, account number, street address, phone number, authorized users, mailing campaign data and other information," wrote Krebs.
- The exposure was reportedly first discovered last year, but the researcher who found it had trouble contacting the Postal Service. Krebs contacted USPS on his behalf, and the glitch has been patched.
Who should be worried: We don't know that anyone maliciously took advantage of this glitch, and therefore we don't know if anyone is in any danger. Passwords do not appear to have been exposed by the breach.
