

Hacker Says He Could Access 70,000 Healthcare.Gov Records In 4 Minutes - f_salmon
http://blogs.computerworld.com/cybercrime-and-hacking/23412/insecure-healthcaregov-allowed-hacker-access-70000-records-4-minutes

======
sp332
Original link [http://blogs.computerworld.com/cybercrime-and-hacking/23412/...](http://blogs.computerworld.com/cybercrime-and-hacking/23412/insecure-healthcaregov-allowed-hacker-access-70000-records-4-minutes)
Well, it's really a collection of interesting links to other sources, but at
least it's useful.

 _Or, given the numerous vulnerabilities, perhaps a breach already has
happened. These are exactly the kind of security flaws bad guys exploit in
large-scale breaches._

That's exactly what I've been wondering. Hackers have certainly had enough
time to get in there and look around. How much data has been taken, and where
will it show up?

------
fournm
[http://boingboing.net/2014/01/21/70000-healthcare-gov-record...](http://boingboing.net/2014/01/21/70000-healthcare-gov-record.html)

Except not. This was misreported and spread like wildfire.

------
theboss
No....No he didn't.

[https://twitter.com/HackingDave/status/425640931690565632](https://twitter.com/HackingDave/status/425640931690565632)

~~~
sp332
That says he didn't hack the site to access the data. In the video he says the
information was collected using "passive reconnaissance", which means he could
get the data without attacking it directly.

~~~
theboss
Yes. It does say he didn't access the data. There is a difference between
passive and active attacks.

