We previously commented on the risks around the United States Postal Service’s (USPS) “Informed Visibility” service, which allows customers to preview their mail to inform them when it will be delivered. Some security experts recommend that customers opt out of the program so that an account cannot be opened in their name.
Last week, it was reported that an anonymous researcher discovered security vulnerabilities in the Informed Visibility service, whose API allowed anyone with a USPS account to view the information in other users’ accounts and potentially to modify those accounts. This vulnerability is reported to have affected more than 60 million users.
The alarming part of the report is that criminals could potentially view and change the account details of users so that checks, statements, Social Security checks and other important documents that are sent through USPS could be diverted or picked up by fraudsters as soon as the mail is delivered.
Although USPS says it is not aware that any customer information was accessed, it is prudent to review your account details and to consider whether you want to participate in the program.