While most major websites have now been updated to address issues caused by the "Heartbleed" OpenSSL exploit, it looks like its effects will continue to be felt for some time. The latest development involves the U.S. government's Heathcare.gov site, which has had its own well-publicized server issues in its short history.
The site is now telling its users that they must create a new password before signing in again. The post says that while there is no evidence of any personal information being taken from Healthcare.gov, the Heartbleed exploit has caused the people who run the site to address these issues "out of an abundance of caution."
Re/code reports that the move was made after a review of Healthcare.gov by the Department of Homeland Security. In its own post on the subject of Heartbleed, the DHS states that many major government websites don't use OpenSSL and therefore are not affected by the exploit.
As we reported this weekend, the first known arrest of a hacker who exploited Heartbleed for his own ends was made by the Canadian government. 19-year-old Stephen Arthuro Solis-Reyes of London, Ontario is charged with attempting to take personal information from the Canada Revenue Agency’s website.