Hackers managed to breach the ObamaCare website this summer, federal authorities say, but it doesn't sound like they were very ambitious ones: Officials say no data was stolen and servers containing personal information were not accessed, CNN reports. Instead, what appeared to be fairly standard malware was uploaded but never activated. The security breach happened after a test server that wasn't supposed to be connected to the Internet was mistakenly connected—and protected only by the maker's default password.
"Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted," a Health and Human Services spokesman says. "We have taken measures to further strengthen security." A cybersecurity expert at TrustedSec LLC says he suspects this isn't the first time HealthCare.gov has been hacked. "There are fundamental flaws in how they're coding the website, and it's going to take a long, long time to fix it," he tells Reuters. "It continues to be a really big, glaring security hole." (More malware stories.)