The Healthcare.gov website is incredibly insecure, so much so that a white hat hacker was able to find its records of 70,000 people through an advanced Google search.
The hacker is David Kennedy, who also started TrustedSec, which is a security firm, and he has been warning people and the government about the insecurity of the website for a while now. He even testified about it in November to a Congressional committee.
“I don’t understand how we’re still discussing whether the website is insecure or not. It is; there’s no question about that. It is insecure – 100 percent,” he said, and added in blog post earlier that “out of the issues identified last go around, there has been a half of a vulnerability closed out of the 17 previously disclosed and since my last appearance, other security researchers have also identified an additional 20+ exposures on the site.”
Kennedy said that he was able to access the Healthcare.gov records of 70,000 people, in only a few minutes, through a Google search, and that while he had stopped at 70,000, he could have gone higher. “70,000 was just one of the numbers that I was able to go up to. And I stopped after that. You know, and I’m sure it’s hundreds of thousands, if not more and it was done within about a four-minute time frame. So, it’s just wide open. You can literally just open up your browser, go to this and extract all this information without actually having to hack the website itself,” he said to Fox News Sunday.
Kennedy isn’t alone in his analysis of the Healthcare.gov website. Other elite white hackers such as Chris Nickerson, Kevin Mitnick, Ed Skoudis, John Strand and more have have signed statements to that effect. Kennedy also added that “everything that we’ve seen from the website is a symptomatic problem of a much larger issue of how they code the website so I’d be very concerned with using it.”
[via The Verge, Computer World, image via Marjan Krebelj’s flickr]