In the midst of the kickoff to the busiest shopping season of the year, news emerged that both the U.S. Postal Service and Amazon experienced data glitches that exposed customer information.
A security hole at the USPS may have exposed the personal data of more than 60 million customers, including information on when checks and other critical documents were set to arrive.
Amazon, meanwhile, told an unknown number of customers that their names and email addresses were exposed due to a technical error on its ecommerce site.
“We’re contacting you to let you know that our website inadvertently disclosed your name and email address due to a technical error,” read an email from Amazon customer service, according to Silicon Republic. “The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.”
“We have fixed the issue and informed customers who may have been impacted,” Amazon told TechCrunch, providing no further details.
The USPS incident was caused by a broken application programming interface (API) in its Informed Visibility service. The now ironically named service is an informational platform used by companies to check the status of letters and packages inducted into the USPS system for delivery.
Information including account numbers, email addresses, street addresses and phone numbers was put at risk. Potentially, any USPS.com account holder could have viewed other users’ private data.
“The incident reported last week was not a breach of customers’ data,” said USPS spokesman David Partenheimer. “It was a system vulnerability which was quickly mitigated by the Postal Service. We have no information to indicate that any customer data was exploited before we mitigated the vulnerability.”
Media reports said the USPS took action only after cybersecurity expert Brian Krebs recently brought the vulnerability to its attention, and that it had been ignored when an anonymous researcher came forward in 2017. Partenheimer denied this. “The Post Office is not aware of being contacted about this issue a year ago,” he said.
“Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously,” Partenheimer continued. “Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law.”