An alarming lapse in Internet security has exposed millions of passwords, credit card numbers and other sensitive bits of information to potential theft by computer hackers who may have been secretly exploiting the problem before its discovery.
The breakdown revealed this week affects the encryption technology that is supposed to protect online accounts for emails, instant messaging and a wide range of electronic commerce.
Security researchers who uncovered the threat, known as "Heartbleed," are particularly worried about the breach because it went undetected for more than two years.
Although there is now a way to close the security hole, there are still plenty of reasons to be concerned, said David Chartier, CEO of Codenomicon. A small team from the Finnish security firm diagnosed Heartbleed while working independently from another Google Inc. researcher who also discovered the threat.
"I don't think anyone that had been using this technology is in a position to definitively say they weren't compromised," Charier said.
Chartier and other computer security experts are advising people to consider changing all their online passwords.