White hat hacker says he found 70,000 records on Healthcare.gov through a Google search
By Adrianne Jeffries January 21, 2014
The federal health insurance marketplace at Healthcare.gov still has major security issues according to some experts, including a flaw that allows user records to show up in Google results.
At least 70,000 records with personal identifying information including first and last names, addresses, and user names are accessible by using an advanced Google search and then tweaking the resulting URLs, according to David Kennedy, founder of the security firm TrustedSec. Kennedy notes that he never modified any URLs, just that he noticed that it was possible.
Kennedy first testified about the issue before a Congressional committee in November, he says, but it still hasn't been resolved. It's just one of several issues he's identified with the site, and it's actually one of the easier ones to fix: Kennedy estimates it would take just a few days to hide the records.