- Nickelodeon is selling SpongeBob toys based on popular memes 6 Years Ago
- Alex Jones protests outside the White House by shouting the name of his website 6 Years Ago
- ‘I Think You Should Leave with Tim Robinson’ has an absurd conclusion for every scenario 6 Years Ago
- Twitch star TF Blade banned for racial slur—but he swears he didn’t say it 6 Years Ago
- Steve King says backlash to white nationalism comment was like what Jesus went through Today 10:23 AM
- Netflix movies are still eligible for Oscars, Academy rules Today 10:21 AM
- Sheriff’s deputy makes homophobic comments on Facebook after gay teen’s suicide Today 10:02 AM
- The Marvel movies you actually need to see before ‘Avengers: Endgame’ Today 9:10 AM
- Twitter launches new tool to combat misinformation about voting Today 8:44 AM
- These Cards Will Get You Drunk is the game with one very obvious purpose Today 8:20 AM
- Conservative guy’s Elizabeth Warren op-ed inspires ‘slap in the face’ meme Today 7:37 AM
- ‘Ask Dr. Ruth’ takes a crowd-pleasing look at her life and groundbreaking career Today 7:30 AM
- Tom Holland and Daisy Ridley’s ‘Chaos Walking’ is so bad it’s ‘unreleasable’ Today 7:01 AM
- The best Westerns on YouTube that you can watch for free Today 7:00 AM
- The shocking similarities between QAnon’s ‘Storm’ and the far-right’s ‘Second Civil War’ Today 6:30 AM
An easily exploitable security flaw in the Healthcare.gov code gives hackers access to Americans’ personal information.
When signing up for health care on the site, which was created under the Affordable Care Act, a user must input the wealth of personal information such as their name, email address, family members, and social security number. According to Mother Jones, a security flaw in the site makes all this data vulnerable to attack.
The attack, known as “clickjacking,” works as follows: A hacker inserts a frame on top of an input button that is either transparent or disguised to look like that button. Then, when the user clicks on the false button, it redirects their computer to a third party site which can collect the information they thought they were submitting to the U.S. government.
As Mother Jones pointed out, several risk assessment firms have already identified the security flaw and noted that it is a relatively easy coding problem to fix.
When the magazine asked the Department of Health and Human Services for comment, they apparently directed the publication to their decidedly underwhelming security statement: “If a security incident occurs, an Incident Response capability would be activated, which allows for the tracking, investigation, and reporting of incidents.”
Identity theft is a billion dollar industry. In 2012, more than 12 million Americans had their identities stolen (up a million from the year before). Considering the relative simplicity of an attack on Healthcare.gov, as well as the comprehensive personal information it requires, it is reasonable to assume the site will be a target for hackers.
The security flaw deals another unfortunate blow to the healthcare site, whose poor performance and sloppy program have been leveraged to make it a strawman for republicans looking to attack Obamacare. On Thursday, for example, U.S. Representative Darrell Issa (R-Calif.) posted on his website a series of cat images titled “8 Cats Who Called 1-800-ObamaCare but Still Couldn’t Get Healthcare,” that made fun of the slow performance of Healthcare.gov.
The site’s problems have been a constant frustration for the White House as the president’s staff tries to increase political support for Obamacare. “There’s no sugar-coating it. The website has been too slow [and] people have been getting stuck during the application process,” President Barack Obama said on Monday. “Nobody’s madder than me that the website isn’t working as well as it should, which means it’s going to get fixed.”
Illustration by Jason Reed
Joe Kloc is a former Daily Dot contributor who covered technology and policy. He's contributed to Newsweek and Mother Jones, discussed his reporting on air with WNYC, and written Weekly Reviews for Harper's Magazine.