Millions of passwords, credit card numbers and other sensitive information may be at risk from "Heartbleed," a security bug in an obscure kind of software.
The bug was accidentally added to software called OpenSSL that sets up an encrypted data channel between computer users and a website's remote server.
A small padlock icon appears on websites using OpenSSL to reassure users, but the so-called "Heartbleed" loophole could have left it open to exploitation by hackers.
A Finnish online security firm and Google Security, who disclosed the threat, say the glitch went undetected for at least two years.
Security experts are advising the public to upgrade their own security practices and change all their passwords.
Experts fear hackers may have already been exploiting the problem before its discovery.
The Canadian Revenue Agency even shut off all its access to its online tax services, because the "Heartbleed" bug has made data on major websites vulnerable.
Fortunately, most major Web services such as Google, Yahoo, Facebook and large banks say they have already applied fixes to the affected servers and services.
However, it could be days or weeks before smaller websites that rely on OpenSSL fix the issue.
Because a "Heartbleed" attack leaves no trace behind, and the potential damage is significant, websites that use OpenSSL are advised to act as though they've been compromised.
The extent of damage from the bug remains unknown.
Shin Se-min, Arirang News.