The U.S. Postal Service has fixed a security flaw on its website that let anyone with an account see other users' personal information.
According to a report from former Washington Post cybersecurity reporter Brian Krebs, the Postal Service fixed the flaw this week — more than a year after an anonymous researcher told USPS about the issue.
Krebs says the vulnerability affected approximately 60 million accounts on the agency's website. It was caused by an authentication weakness in one of the site's programs.
The flaw let anyone logged onto the site see account details for other users — like email addresses, usernames, street addresses and phone numbers.
The news comes as USPS continues to deal with other issues. Earlier this month, the agency said it lost $3.9 billion during the 2018 fiscal year. This is the 12th year in a row that it's reported a financial loss.