
USPS API bug exposed user data of 60M users - ZoomStop
https://krebsonsecurity.com/2018/11/usps-site-exposed-data-on-60-million-users/
======
ZoomStop
This is the site that last year had a password reset bug also. When resetting
your password, the system would generate a random password and email it. During
the password reset, the current password (the one emailed) is required, and
their form validated the old password for the security requirements (length,
special character, etc.) that the auto-generated reset password did not meet.
This effectively locked you out of their site. It took them three months to
fix that.

We absolutely cannot trust this company with our data, yet we have no choice
but to do business with them.

