Nov 21, 2018

Report: Leaky Post Office interface exposed 60 million users' data

Photo: Dünzl/ullstein bild via Getty Image

A glitch in the Post Office's internet tools left users' information accessible to programmers working on apps, independent security journalist Brian Krebs reports.

The big picture: At issue is a tool to integrate apps with the Post Office's network known as an application program interface (API). Per the report, any logged in user could apparently access and in some cases change other users' information.

Details: The API integrates apps with the Post Office's "Informed Visibility" portal, which helps bulk mail senders track and analyze mail.

The leak exposed users' "email address, username, user ID, account number, street address, phone number, authorized users, mailing campaign data and other information," wrote Krebs.
The exposure was reportedly first discovered last year, but the researcher who found it had trouble contacting the Postal Service. Krebs contacted USPS on his behalf, and the glitch has been patched.

Who should be worried: We don't know that anyone maliciously took advantage of this glitch, and therefore we don't know if anyone is in any danger. Passwords do not appear to have been exposed by the breach.

Go deeper

Sam Baker

32 mins ago - Health

We're losing the war on the coronavirus

Chart: Danielle Alberti/Axios

By any standard, no matter how you look at it, the U.S. is losing its war against the coronavirus.

Why it matters: The pandemic is not an abstraction, and it is not something that’s simmering in the background. It is an ongoing emergency ravaging nearly the entire country, with a loss of life equivalent to a Sept. 11 every three days — for four months and counting.

Go deeper (2 min. read)

Jacob Knutson

12 hours ago - Politics & Policy

Trump commutes Roger Stone's sentence

Roger Stone arriving at his sentencing hearing on Feb. 20. Photo: Drew Angerer/Getty Images

President Trump on Friday evening commuted the sentence of his longtime associate Roger Stone, according to two senior administration officials. Stone in February was sentenced to 40 months in prison for crimes including obstruction, witness tampering and making false statements to Congress.

Why it matters: The controversial move brings an abrupt end to the possibility of Stone spending time behind bars. He had been scheduled to report to prison on July 14.

Go deeper (1 min. read)

Orion Rummler

Updated 13 hours ago - Health

Which states have set single-day coronavirus records this week

Data: COVID Tracking Project and state health department data compiled by Axios; Map: Danielle Alberti and Naema Ahmed/Axios

13 states this week surpassed records set just last week for their highest number of coronavirus infections in a single day, according to the COVID Tracking Project and state health department data. 16 states in total reported new highs.

The big picture: The United States' alarming rise in coronavirus cases isn't just due to increased testing — particularly where the number of cases has grown fastest over the last month, Axios' Andrew Witherspoon and Caitlin Owens report.