[waselighis]

That seems unlikely to me as UPS certainly would have spotted that kind of activity in their logs (enumerating). However, it may not be entirely impossible either. UPS tracking numbers are long but not completely random, they encode a lot of info about the shipment which can greatly reduce the search space.

https://www.trackingmore.com/tracking-status-detail-en-238.h...

[dools]

Yeah so the existence of URLs for specific retailers like Lego and Adidas suggest to me that they ordered from the shipper, got their account number, then just got a botnet to enumerate (or randomly query) with different package identifiers.

[stef25]

Wasn't talking about UPS but smaller shipping companies here in EU.