NSA knew about and used Heartbleed web exploit

The tech web has been abuzz this week about what has been dubbed “Heartbleed,” a code exploit in the OpenSSL encryption system, which could have allowed hackers and cyberterrorists to access login credentials from some of the biggest websites in the world over the last two years. Lists were quickly constructed to explain to users which sites were affected and which passwords they needed to change immediately.

It turns out the NSA has known about the Heartbleed vulnerability for years, but never warned anyone that millions of Americans’ online identities could be at risk. Indeed, not only did they not sound the alarm, the  NSA used the bug to access those online accounts in its already questionable surveillance activities.

Healthcare.gov users advised to change passwords

HealthCare.gov Heartbleed password prompt

Since the recent revelation about “Heartbleed,” a code exploit in OpenSSL encryption that allows hackers to access personal information, a number of websites have asked users to update passwords to protect themselves against any potential security breach.

The National Security Agency reportedly knew about Heartbleed for years and used the exploit to get around security encryption to access online accounts. The controversial intelligence agency, however, apparently never told anyone that about the security risk.

Though they say that “[t]here’s no indication that Heartbleed has been used against HealthCare.gov or that any personal information has ever been at risk,” federal officials are now advising users who have accounts on the federal Obamacare exchange to change their passwords:

The views and opinions expressed by individual authors are not necessarily those of other authors, advertisers, developers or editors at United Liberty.