Jorgem June 23, 2023 12:18 PM

UPS discovered a method by which a person who searched for a particular package or misused a [Canadian] package look-up tool could obtain more information about the delivery, potentially including a recipient’s phone number

Canada has had a federal privacy law for decades. The idea that a phone number can just accidentally “show up” in the UPS search tool suggests UPS isn’t taking privacy all that seriously. It’s probably something the Privacy Commissioner of Canada should be looking into.

Ted June 23, 2023 3:11 PM

The suspense is killing me! Was it an exploited API that reveled shipment details – as Alex from the article speculated?

Or was the data leaked via the “Track by Reference Number” feature that allows people to potentially discover sequential number sequences – as Peter wondered?! (The UPS website does have updated messaging on that page.)

modem phonemes June 26, 2023 8:53 AM

In another country, but this would make a good episode in Hamlsh Macbeth.

Rod June 30, 2023 2:17 PM

It is not just SMS. Having a Canadian phone number has been very annoying in the past years. I don’t even accept phone calls anymore, 9 out of 10 are these phishing calls.

Wherever anti-phishing logic the telecom companies up here, it just doesn’t work well at all.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.