The flaw was identified in USPS website APIs exposed potentially exposed data from 60 Million users. This blog does a quick rundown of how the flaw could be exploited, where exactly it is located, and most importantly, how can you protect your organization from similar API flaws.
Confucius taught us more than 2000 years ago: “Listen to his claims, but watch his actions.” Things are not what they claim to be. Such words of wisdom speak volume in light of the most recent Facebook access token leak.
According to one of Facebook’s blog, a large number of access tokens were potentially stolen by hackers due to vulnerabilities in the “View As” feature. Facebook executives offered more details according to this TechCrunch report.