US Postal Service website exposed data relating to 60 million users for over a year. The issue had stemmed from an authentication weakness that was there in an API on the USPS website. The flaw let any logged-in usps.com user query the system for account details belonging to any other users, such as email address, username, user ID, account number, street address, phone number, authorized users, mailing campaign data and other information. An independent researcher, who chose to remain unnamed, had contacted KrebsOnSecurity a week ago and passed information about this issue.”]
Source: https://hackercombat.com/us-postal-service-website-left-data-exposed-for-over-a-year/