Washington: The Heartbleed bug was revealed on April 7 by Google and Finnish security firm Codenomicon, and affects OpenSSL, a software program used to encrypt Internet communications. It has been estimated that two-thirds of web servers were vulnerable.
Google reported that the spy agency had been aware of the bug for at least two years and used it to obtain passwords and other basic information via hacking operations but White House and US intelligence agencies said on Friday that neither the National Security Agency nor any other part of the government were aware before this month of the Heartbleed bug.
Security researchers say the breach allows hackers to access small bits of information at a time that could lead to personal and financial information stored on a website and steal that without leaving a trace.
Iis not only one of the most serious online security breaches in recent memory, it has also demonstrated how difficult it is for websites to tell their customers whether they're at risk or not.
NSA spokeswoman Vanee Vines said in a separate statement: “NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report.”