Computer-security expert Bruce Schneier has weighed in on Heartbleed, the security flaw that opens up much of the Web to hacks.

In a post on his blog, Schneier calls Heartbleed a "catastrophic" attack that could allow hackers to easily grab usernames and passwords.

"On a scale of 1 to 10, this is an 11," he writes.

Heartbleed is a flaw in OpenSSL, or the standard encryption many sites and online services use to keep your username and password encrypted. In theory, a hacker can use the Heartbleed flaw to access passwords, encrypted communications such as instant messages, and credit-card information.

Schneier speculates that someone could have intentionally added the Heartbleed bug to OpenSSL, but it's more likely the case that it got in there by accident.

You can read a full explanation of how Heartbleed can affect you right here >>