"We never accessed 70,000 records nor is it directly on the Healthcare.gov website," wrote Kennedy in an update to an earlier blog post. "No dumping of data, malicious intent, hacking, or even viewing of the information was done." In short, Kennedy explained that he used basic Google tools to search the Web site, but he didn't hack it. Some media reports, however, latched onto this line in his original post: "The 70,000 mark of information disclosure being reported was through using a basic Google search terms and browsing through a web browser" and assumed Kennedy had been able to access 70,000 records.
WALLACE: You say you did not hack the site and, yet, you say you could access 70,000 records of various people who have signed up for health care under -- at the website within four minutes. How do you know that if you haven't hacked the site? KENNEDY: That's a great question. There is a technique called -- what we call passer reconnaissance, which allows us to queering look at how the website operates and performs. And these type of attacks that, you know, I'm mentioning here in the 70,000 that you're referencing is very easy to do.