US Postal Service

A security researcher discovered a flaw in the US Postal Service (USPS) website, usps[.]com, which allowed any logged in user to access the information of over 60 million other user accounts by conducting a simple query. The exposure stemmed from an application programming interface (API) used to support USPS’s Informed Visibility service, a program that provides real-time tracking of mail. Potentially accessed information includes email address, username, user ID, account number, address, and phone number. USPS fixed the issue on November 20th of this year.