A vulnerability in a U.S. Postal Service application for tracking mail in real time would have allowed anyone logged into the service to view personal data for as many as 60 million accounts. The issue was an authentication-related vulnerability within an application programming interface, or API, for USPS’s Informed Visibility service. USPS fixed the error within 48 hours, according to a security blogger Brian Krebs, who alerted the organization after he received a tip from an anonymous security researcher. USPS says the incident is under investigation and that it doesn’t believe others took advantage.”]
Source: https://www.careersinfosecurity.com/us-postal-service-plugs-api-flaw-one-year-later-a-11722