April 11, 2014
The NSA knew about the Internet security bug Heartbleed and regularly used it to gather intelligence for at least two years, anonymous sources told Bloomberg.
If the report is true — both the White House and the NSA say it’s not (see below) — the NSA could have collected information like passwords and private communications from hundreds of thousands of websites, since Heartbleed is a bug in the popular open-source encryption software OpenSSL, used to secure data flowing from users’ computers to hundreds of thousands of websites, including Gmail and Facebook. Almost two-thirds of all sites on the Internet use OpenSSL, according to estimates, making this bug possibly one of the most dangerous the Internet has ever seen and potentially allowing the NSA to access information on millions of users.
Roughly two hours after Bloomberg’s report was published, the NSA and the White House denied the allegations in statements sent to Mashable.