Porch pirates know what's coming via FedEx: AT&T iPhones

I’m normally against knowing too much about how the sausage is made when it comes to label generation; because label printers talking to brittle ERP systems are basically the most hateful flavor of printer going; but it would be interesting to know if it’s just someone in shipping snagging the data from individual packages because you can’t really avoid exposing the shipping label at some point; or if there are any design choices that allow for more powerful inferential attacks (the article makes it sound like the thefts are targeting iPhones, in some cases specific models. Is AT&T’s system processing orders such that nontrivial blocks of contiguous tracking numbers get assigned to identical SKUs, rather than being deliberately randomized or just handled in the order they are received? Are they a large enough volume shipper of relatively dense goods that FedEx doesn’t just go with the “eh, give us the size and weight to nearest pound” and you can actually distinguish a 16 Pro from a 16 Pro Plus because the shipping weights differ by 29 grams?)

There’s probably not tons they can do if it’s just risk-insensitive insiders snagging label data one box at a time; at least on a budget that is dictated by the scale of the losses rather than a righteous crusade against the shipping department; but there might be some design oversights or seemingly-harmless optimizations that allow some amount of insider information to be used to infer more; or allow a wider pool of insiders to provide actually useful information (e.g. if shipping weights are vague, someone who just has the tracking number and address might not be able to distinguish between the nastiest Samsung cheapie and something worth stealing at a glance; if they are exact, they might be able to get you anything but color even out at the loading dock).
