Hasta La Gadget!

The US Postal Service has taken an entire year to fix a security vulnerability on the usps.com website that revealed data of all 60 million of its users. Anyone could see the personal account information of these users including details such as usernames and street addresses. An independent researcher had reportedly identified this security vulnerability over a year ago.

The USPS apparently took its sweet time in patching this vulnerability as Krebs on Security reports that USPS only applied the patch earlier this week. This means that the vulnerability left the user data of 60 million people completely exposed for an entire year.

The vulnerability allowed anyone to access a USPS database that’s offered to businesses and advertisers who want to track user packages and data. This vulnerability in the application programming interface or API should have ascertained whether an account had the permissions to access that data but no such controls had been put in place.

Personal data such as phone numbers, emails, mailing campaign data, and more were exposed to anyone logged into usps.com. Users could also request account changes for some other user. The street addresses are searchable through the database so any logged in user could obtain them and thus no hacking tools were required to exploit this vulnerability.

“Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously. Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law,” the USPS said in a statement.

USPS Fixes Vulnerability That Exposed Data Of 60 Million Users , original content from Ubergizmo. Read our Copyrights and terms of use.

The new debate is about how best to challenge the court’s power.

By Doug Mahoney

This post was done in partnership with Wirecutter. When readers choose to buy Wirecutter’s independently chosen editorial picks, Wirecutter and Engadget may earn affiliate commission. Read the full Christmas lights guide here.

After…

Logitech is apparently looking to expand its hardware empire even further. It hasn’t even been four months since the company confirmed that it’s going to acquire Blue Microphones. A new report claims that Logitech is also interested in acquiring a headset maker called Plantronics and has reportedly bid $2.2 billion for the company.

Reuters reports that Logitech is in discussions to acquire Plantronics, a U.S. company that makes Bluetooth earpieces and gaming headsets. If a deal is reached it would be Logitech’s largest acquisition ever and would highlight its efforts to further diversify its business.

Logitech has reportedly offered more than $2.2 billion for Plantronics. If the negotiations end up being successful, a formal announcement of this deal could be made as early as next week. However, sources mentioned in the report caution that it’s also possible that the talks fall through with no deal being signed.

Plantronics declined to comment on the matter when reached by the scribe while Logitech didn’t respond to its request for a comment. One of the reasons the two companies are said to be in talks for a deal is the effort to reduce manufacturing costs and limit the impact of the Trump administration’s tariffs on imports from China into the United States.

Logitech Reportedly Bids $2 Billion For Headset Maker Plantronics , original content from Ubergizmo. Read our Copyrights and terms of use.