Source: www.schneier.com – Author: Bruce Schneier
Comments
Jorgem •
UPS discovered a method by which a person who searched for a particular package or misused a [Canadian] package look-up tool could obtain more information about the delivery, potentially including a recipient’s phone number
Canada has had a federal privacy law for decades. The idea that a phone number can just accidentally “show up” in the UPS search tool suggests UPS isn’t taking privacy all that seriously. It’s probably something the Privacy Commissioner of Canada should be looking into.
Ted •
The suspense is killing me! Was it an exploited API that reveled shipment details – as Alex from the article speculated?
Or was the data leaked via the “Track by Reference Number” feature that allows people to potentially discover sequential number sequences – as Peter wondered?! (The UPS website does have updated messaging on that page.)
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Original Post URL: https://www.schneier.com/blog/archives/2023/06/ups-data-harvested-for-sms-phishing-attacks.html
Category & Tags: Uncategorized,cybercrime,phishing,phones,SMS,spam – Uncategorized,cybercrime,phishing,phones,SMS,spam