The Heartbleed bug, an exploit that allows hacking emails, file storages and banking, is taking over the internet.
The bug is described as a “serious vulnerability” in the popular OpenSSL cryptographic software library which affects the web, email and instant messaging among other applications.
Tech firms around the world are telling users to change their passwords.
Security technologist Bruce Schneier called the bug “catastrophic” and said, “On the scale of one to 10, this is an 11.”
The bug was discovered by security firm Codenomicon and Google researcher Neel Mehta. While CVE-2014-0160 is the official name of the bug, it is known informally as Heartbleed.
“This [Heartbleed bug] compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content,” Codenomicon said. “This allows attackers to eavesdrop communications, steal data directly from the services and users, and to impersonate services and users.”