• Advertiser Disclosure

    You’re our first priority.
    Every time.

    We believe everyone should be able to make financial decisions with confidence. And while our site doesn’t feature every company or financial product available on the market, we’re proud that the guidance we offer, the information we provide and the tools we create are objective, independent, straightforward — and free.

    So how do we make money? Our partners compensate us. This may influence which products we review and write about (and where those products appear on the site), but it in no way affects our recommendations or advice, which are grounded in thousands of hours of research. Our partners cannot pay us to guarantee favorable reviews of their products or services.

  • USPS reportedly fixes website bug that exposed data of 60M users

    USPS reportedly fixes a bug on its website just in time for the holidays. 
    Getty Images
    Just in time for the holiday shopping season, it appears the US Postal Service has fixed a security flaw that allowed all USPS.com account holders, some 60 million people, to see personal details of fellow users.Cybersecurity expert Brian Krebs on Wednesday wrote about the bug, noting that he was contacted last week by a researcher who asked to remain anonymous. The researcher reportedly informed USPS about his findings more than a year ago, but never received a response, Krebs said. Krebs then confirmed the researcher’s findings and contacted the USPS, “which promptly addressed the issue.”USPS representatives didn’t immediately respond to a request for confirmation and comment on Thanksgiving Day. Krebs said the flaw stemmed from an authentication weakness in an application program interface, or API, tied to its Informed Visibility program, which lets users receive a scan of all incoming mail before it’s delivered to their address. That program was the subject of a US Secret Service advisory Krebs tracked down earlier this month warning that criminals could use the program to target people for credit card fraud.The latest bug let any logged-in USPS.com users “query the system for account details belonging to any other users,” including email addresses, usernames, user IDs, street address, phone numbers and more, Krebs said.

    Read More


        Enable registration in settings - general
        Compare items
        • Total (0)