Healthcare.gov has reset passwords of all its registered users after reports of active Heartbleed exploit have surfaced on the web.
Heathcare.gov has noted that there have been no instances of information compromise of its users, but the Obama administration has flagged the vulnerability as one that can’t be sidelined. According to senior officials, the action is being taken out of abundance of caution.
“There’s no indication that Heartbleed has been used against HealthCare.gov or that any personal information has ever been at risk”, reads a post on healthcare.gov. “However, we’re resetting current passwords out of an abundance of caution, to ensure the protection of your information.”
Users will not be receiving any emails with their new passwords or links to reset their passwords, but when they do attempt to logon to the website the next time, they won’t be able to proceed any further until they change their password.
Earlier this month, security researchers publicly revealed the ‘Heartbleed’ bug, one of the most significant vulnerability to ever hit the internet, which has made headlines since then. Just with the revelation, reports started circulating claiming NSA to have caused the Heartbleed bug as a part of Prism online surveillance programme.
Despite the speculations, the man behind the coding error, Robin Seggelmann, revealed his responsibility stating Heartbleed to be a simple programming error in security relevant area that was trivial, but the effect to be clearly severe.
