- YouTube’s queen of failed robots just unveiled a one-of-a-kind Tesla truck 6 Years Ago
- AOC infuriates conservatives with ‘concentration camps’ remark 6 Years Ago
- TikTok users explore identity with Lin Manuel Miranda-inspired meme Today 3:24 PM
- TikTok apology video inspires new duet meme Today 2:51 PM
- Man sues brewery after identifying as female to get beer discount Today 2:31 PM
- Here’s what’s coming and going on Hulu in July 2019 Today 2:22 PM
- This biotech company’s logo is almost straight out of Resident Evil Today 1:26 PM
- Trump says mass deportations to start next week Today 12:28 PM
- GOP pollster bothered by broken elevator in Austria blames socialism Today 10:50 AM
- YouTuber renames small town ‘Gay Hell’ to defy Trump Pride policy Today 10:43 AM
- John Cusack blames Twitter bot for anti-Semitic tweet Today 10:18 AM
- YouTube rapper who glorifies pimping has been charged with human trafficking Today 10:09 AM
- Amy Klobuchar lists net neutrality as part of her 100-day plan for presidency Today 8:54 AM
- Reddit just banned the NBA Streams subreddit Today 8:17 AM
- How to watch ‘Drunk History’ for free Today 8:00 AM
An easily exploitable security flaw in the Healthcare.gov code gives hackers access to Americans’ personal information.
When signing up for health care on the site, which was created under the Affordable Care Act, a user must input the wealth of personal information such as their name, email address, family members, and social security number. According to Mother Jones, a security flaw in the site makes all this data vulnerable to attack.
The attack, known as “clickjacking,” works as follows: A hacker inserts a frame on top of an input button that is either transparent or disguised to look like that button. Then, when the user clicks on the false button, it redirects their computer to a third party site which can collect the information they thought they were submitting to the U.S. government.
As Mother Jones pointed out, several risk assessment firms have already identified the security flaw and noted that it is a relatively easy coding problem to fix.
When the magazine asked the Department of Health and Human Services for comment, they apparently directed the publication to their decidedly underwhelming security statement: “If a security incident occurs, an Incident Response capability would be activated, which allows for the tracking, investigation, and reporting of incidents.”
Identity theft is a billion dollar industry. In 2012, more than 12 million Americans had their identities stolen (up a million from the year before). Considering the relative simplicity of an attack on Healthcare.gov, as well as the comprehensive personal information it requires, it is reasonable to assume the site will be a target for hackers.
The security flaw deals another unfortunate blow to the healthcare site, whose poor performance and sloppy program have been leveraged to make it a strawman for republicans looking to attack Obamacare. On Thursday, for example, U.S. Representative Darrell Issa (R-Calif.) posted on his website a series of cat images titled “8 Cats Who Called 1-800-ObamaCare but Still Couldn’t Get Healthcare,” that made fun of the slow performance of Healthcare.gov.
The site’s problems have been a constant frustration for the White House as the president’s staff tries to increase political support for Obamacare. “There’s no sugar-coating it. The website has been too slow [and] people have been getting stuck during the application process,” President Barack Obama said on Monday. “Nobody’s madder than me that the website isn’t working as well as it should, which means it’s going to get fixed.”
Illustration by Jason Reed
Joe Kloc is a former Daily Dot contributor who covered technology and policy. He's contributed to Newsweek and Mother Jones, discussed his reporting on air with WNYC, and written Weekly Reviews for Harper's Magazine.