03 Oct USPS’s Informed Delivery Service a Privacy Concern
A USPS service called Informed Delivery which provides the recipient images of their mail before it arrives, has recently raised concerns among privacy and security experts who say it might be misused by stalkers to track targets.
The service has been active since 2014, but only for select states which can be seen on https://informeddelivery.usps.com. USPS says that it has received positive feedback on it from around 6.3 million users, but experts including KrebsOnSecurity say that the knowledge-based authentication (KBA) and security the postal agency’s uses is too weak and leaves it quite vulnerable to abuse.
Georgia Tech privacy expert Peter Swire said that the USPS should catchup and start using multi-channel authentication, as it has already become an industry norm.
Source: Krebs on Security