Dear God, healthcare.gov is so stupidly coded it tells you if your user name is invalid, violating basic security precautions. Some security experts say it should be shut down until it’s fixed. If the site gets hacked and data is stolen, results will be catastrophic.
The site lets people know invalid user names when logging in, allowing hackers to identify user IDs, according to the report.
If someone enters an invalid login name or password, the system should say “invalid login” without giving details as to which one was wrong. Why give hackers information they can use, like telling them if a username is valid?
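To make the point concrete, here is an added example (not healthcare.gov's code, and not from the report) that puts a login check that leaks which field was wrong beside one that returns the same "Invalid login" for every failure. The function names, the sample account and the iteration count are assumptions made up for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # demo value (assumption); tune to your own hardware and policy
GENERIC_ERROR = "Invalid login"


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed sample account store: username -> (salt, password hash)
USERS = {"alice": make_record("correct horse battery staple")}

# Throwaway record so unknown usernames cost the same hashing work as known ones
_DUMMY_SALT, _DUMMY_HASH = make_record(os.urandom(16).hex())


def login_leaky(username: str, password: str) -> str:
    """The behaviour criticised above: the message reveals which field was wrong."""
    if username not in USERS:
        return "Invalid user name"
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return "Invalid password"
    return "OK"


def login_uniform(username: str, password: str) -> str:
    """Same message for every failure, and the same hashing work either way."""
    known = username in USERS
    salt, stored = USERS[username] if known else (_DUMMY_SALT, _DUMMY_HASH)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    return "OK" if (known and matches) else GENERIC_ERROR
```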
Healthcare.gov has 25x more code than Facebook? Are the contractors paid by the line? This is complete insanity.
The experts said the site needed to be completely rebuilt to run more efficiently, making it easier to protect. They said HealthCare.gov runs on 500 million lines of code, or 25 times the size of Facebook, one of the world’s busiest sites.