1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • The US Patent and Trademark Office has been leaking user details

    From TechnologyDaily@1337:1/100 to All on Thu Jun 29 16:15:03 2023
    The US Patent and Trademark Office has been leaking user details for several years

    Date:
    Thu, 29 Jun 2023 15:00:06 +0000

    Description:
    A faulty API was leaking people's postal addresses, but there's no evidence any threat actors found the flaw.

    FULL STORY ======================================================================

    The US Patent and Trademark Office (USPTO), the government agency that
    handles patent and trademark requests, has been operating a faulty
    application programming interface (API) which was leaking peoples postal addresses for several years.

    The organization has notified thousands of its filers about the mishap, explaining what had happened and what it did to remedy the issue.

    When we discovered the issue, we blocked access to all USPTO non-critical
    APIs and took down the impacted bulk data products until a permanent fix
    could be implemented, the body wrote in the notification sent out to the filers. Three years of leaks

    The API had been leaking data since 2020, until it was finally fixed in early April 2023, when the addresses were masked and the faulty API fixed.

    In a statement given to TechCrunch, USPTO spokesperson Paul Fucito explained that the postal addresses were mandatory for all filers as means of tackling fraudulent applications:

    As indicated in our notice to impacted filers, while domicile addresses are required under trademark law, we took the voluntary step of masking this information in 2020 as part of our efforts to secure the data that the public accesses directly and frequently, he said. Read more

    Clop ransomware may have infected even more victims than previously thought


    Saks Fifth Avenue becomes latest Clop ransomware victim


    Check out the best malware removal tools right now

    We regrettably failed to locate some of the more technical exit points and properly mask the data exported from those points. We apologize for our mistake and will do better to prevent such an incident from happening again, while also preserving our ability to crack down on the historic amount of filing fraud were seeing originate overseas, Fucito concluded.

    In total, some 61,000 patent and trademark filers have had their physical addresses leaked online, representing roughly 3% of all the applications
    filed in the three-year period.

    USPTO believes no one found the flaw and claims theres no evidence of any misuse. These are the best endpoint protection tools right now

    Via: TechCrunch



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/the-us-patent-and-trademark-office-has- been-leaking-user-details-for-several-years


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)