In a message posted to the website, the U.S. government says that it decided to reset all passwords due to the Heartbleed bug, which put millions of websites at risk of cyberattack after it was revealed to the world earlier this month. The government says Healthcare.gov was not affected by Heartbleed, but that the team is forcing a password reset, just in case. From the warning:
Recently, you may have heard about a new internet security weakness, known as Heartbleed, which is impacting some websites. HealthCare.gov uses many layers of protections to secure your information. While there’s no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers’ passwords out of an abundance of caution. This means the next time you visit the website, you’ll need to create a new password. We strongly recommend you create a unique password – not one that you’ve already used on other websites.
The message goes on to explain how to reset your password. It also reiterates that there is “no indication that Heartbleed has been used against HealthCare.gov or that any personal information has ever been at risk.” Instead, the HealthCare.gov team rolled out the password reset “out of an abundance of caution, to ensure the protection of your information.”
H/T Gawker | lllustration by Fernando Alfonso III