The United States Postal Service (USPS) has been using apps with major bugs. As the United States prepares for elections and fights over the use of mail-in ballots, it seems the USPS software isn’t up to date. The bugs in the apps in question could make all the sensitive data of USPS employees and customers available to hackers without any difficulty. This is according to a memorandum recently sent out by the USPS Office of Inspector General.
The memorandum, which was just published, outlines ‘significant vulnerabilities’ in six apps. The Office of Inspector General deemed four of these applications that have been used by the USPS for seven years to be sensitive apps. In addition, the memo mentions that there were 12 common and known vulnerabilities in the applications used by the USPS. Put simply, these are bugs that a hacker would already be aware of and that can be used to hack into the system with ease.
After the memorandum from the Office of Inspector General, the USPS’s own Corporate Information Security Office, the department dealing with cybersecurity, has agreed with the statements. The department estimated the potential damage to be in the region of $1 billion. Vulnerabilities like these are a hacker’s dream.
The Office of Inspector General asked the Postal Service to address the vulnerabilities, and the USPS has taken action and released a statement saying that it has complied. The USPS has not disclosed the specific applications affected.
Despite the vulnerabilities in the applications, there was no indication that hackers had exploited them.
However, it would not have been the first time USPS systems were hacked. In 2014, hackers broke into the USPS systems and stole Social Security numbers and sensitive data of 750,000 workers, along with the data of 2.9 million customers. In 2018, a researcher found a major breach in the USPS website that exposed the data of 60 million users.
This is another reminder of how easy it is to hire a hacker online to exploit such vulnerabilities, and of the need to examine one’s reliance upon outdated or insecure software.