Americans with accounts on US President Barack Obama's health insurance enrollment website have had their passwords reset to guard against the "Heartbleed" bug, acccording to a message posted on the site on Saturday.
The warning marks the latest fallout from the widespread security bug, which surfaced this month and allows hackers to steal data online without a trace. Companies from Amazon to Google have been forced to take steps to protect against Heartbleed.
A message on HealthCare.gov said users who visited the website would need to create a new password to access their accounts.
"While there's no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers' passwords out of an abundance of caution," the message read.
The Heartbleed security flaw is a "catastrophic bug" believed to affect two out of every three web servers, according to the Electronic Freedom Foundation.
HealthCare.gov, a health insurance exchange for the 36 states that opted out of creating their own state insurance exchanges, was created under Obama's signature health care law, the 2010 Patient Protection and Affordable Care Act.
The website's launch last fall was dogged by complaints that many users could not access the site to buy insurance or research healthcare plan options. Most of the website's most prominent flaws were eventually remedied.
Obama last weel announced 8 million people had signed up by the latest enrollment deadline of April 15. The program's original goal was 7 million signups by the end of March, which was met.
Critics of Obama's health initiative have suggested HealthCare.gov might be vulnerable to security flaws.
The Heartbleed bug exploits a glitch in a widely used web encryption program known as OpenSSL.
It has not affected only corporations.
Canada's tax-collection agency said this month that the private information of hundreds of people had been compromised as hackers exploited the Heartbleed bug.