Brian Krebs reports:
U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf.
KrebsOnSecurity was contacted last week by a researcher who discovered the problem, but who asked to remain anonymous. The researcher said he informed the USPS about his finding more than a year ago yet never received a response. After confirming his findings, this author contacted the USPS, which promptly addressed the issue.
Read more on KrebsOnSecurity.com.
One frustrating aspect of breaches at government sites has for me is that the government is fining businesses for similar breaches but the only thing that happens to the government when they do the same thing is “whoops.”