via The Hacker News
The United States Postal Service has patched a critical security vulnerability that exposed the data of more than 60 million customers to anyone who has an account at the USPS.com website.
The U.S.P.S. is an independent agency of the American federal government responsible for providing postal service in the United States and is one of the few government agencies explicitly authorized by the United States Constitution.
The vulnerability is tied to an authentication weakness in an application programming interface (API) for the USPS “Informed Visibility” program designed to help business customers track mail in real-time.