• United States



Senior Staff Writer urges password resets due to Heartbleed

Apr 21, 20142 mins
Disaster RecoveryVulnerabilities

Officials are urging those with accounts on to reset their passwords due to the Heartbleed vulnerability.

As if the website didn’t have enough problems to deal with…

Administrators on, the enrolment website for President Obama’s Patient Protection and Affordable Care Act – referred to by some as Obamacare, have reset user passwords after an audit determined that the servers hosting the insurance exchange were vulnerable to Heartbleed.

In a notice posted to the website on Saturday, users are told that while there has been no indication of information loss, the passwords were reset out of an abundance of caution.

"There’s no indication that Heartbleed has been used against or that any personal information has ever been at risk. However, we’re resetting current passwords out of an abundance of caution, to ensure the protection of your information."

As of Monday morning, visitors to the website and those who attempted to login over the weekend seem to be the only ones told of the changes. The official Twitter and Google+ accounts for haven’t addressed the topic.

The Internet has been buzzing about Heartbleed since it was disclosed earlier this month, and is just the latest mainstream website to have been impacted by the vulnerability.

The ACA website isn’t the only domain impacted though. Senior officials for the Obama administration told the Associated Press that other government websites might produce similar warnings, including, where the We the People petitions page is hosted.

In a blog post, DHS deputy undersecretary for cybersecurity and communications, Phyllis Schneck, said it will take time for the government to address the Heartbleed issue properly.

"As we conduct the scans of government systems and agencies conduct their own reviews, many government websites turn out to have never been vulnerable to Heartbleed because they did not use OpenSSL; in those cases, no further action is needed at this time. However, in those cases where agencies determine that a website or system could have been vulnerable to Heartbleed, they are taking the same steps as the private sector..."
"We will continue to focus on this issue until government agencies have mitigated the vulnerability in their systems. And we will continue to adapt our response if we learn about additional issues created by the vulnerability."