Heartbleed Means Users Must Reset Passwords


Federal officials are telling Obamacare website account holders to reset their passwords, following revelations of a bug that could allow hackers to steal data.

Officials earlier in the month said the government's main public sites, including, were safe from the risks surrounding Heartbleed -- faulty code recently found in a widely-used encryption tool. 

But, this weekend, the online marketplace's homepage directs users to change their login information.  

"While there’s no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers’ passwords out of an abundance of caution," states. 

The marketplace uses many layers of protection to secure data and there’s no evidence Heartbleed has been used maliciously against the site, officials added.

When Heartbleed emerged, some security specialists said data flowing on could be jeopardized by an underlying Akamai Technologies system that contained the flaw. 

If Akamai was "transferring personal information, then that data would be at risk,” regardless of government security protections, Jerry Irvine, a member of the National Cyber Security Partnership, a public-private organization, said at the time

"If they were using Akamai for services other than direct data input,” such as for hosting photos and other multimedia, “then personal information would not have been at risk,” he said.

Federal officials declined to comment on whether Akamai was handling personal information for 

(Image via Northfoto /

Threatwatch Alert

Credential-stealing malware / Payment device infection

America’s Thrift Stores Hit by Cybercrime Gang

See threatwatch report


Close [ x ] More from Nextgov