Hundreds of thousands of web and email servers worldwide have a software flaw that lets attackers steal the cryptographic keys used to secure online commerce and web connections, experts say.

They could also leak personal information to hackers when people carry out searches or log into email.

The bug, called "Heartbleed", affects web servers running a package called OpenSSL.

Among the systems confirmed to be affected are Imgur, OKCupid, Eventbrite, and the FBI's website, all of which run affected versions of OpenSSL. Attacks using the vulnerability are already in the wild: one lets a hacker look at the cookies of the last person to visit an affected server, revealing personal information. Connections to Google are not vulnerable, researchers say.

SSL is the most common technology used to secure websites. Web servers that use it securely send an encryption key to the visitor; that is then used to protect all other information coming to and from the server.

It is crucial in protecting services like online shopping or banking from eavesdropping, as it renders users immune to so-called man in the middle attacks, where a third party intercepts both streams of traffic and uses them to discover confidential information.

Bleeding data

The Heartbleed bug – so called because it exploits a failure in an extension called heartbeat – not only lets attackers read the confidential encrypted data; it also allows them to take the encryption keys used to secure the data. That means that even servers which fix the bug, using a patch supplied by OpenSSL, must also update all their keys or risk remaining vulnerable.

More worryingly still, the bug can cause servers to leak other information stored on the server which wouldn't normally be available at all. For instance, one developer reports the ability to see searches made by other users on privacy-focused search engine DuckDuckGo, while another reports similar data leakage from Yahoo. Worse still, Yahoo has been found to be leaking user credentials due to the bug. Yahoo did not return requests for comment.

That data leakage means that servers vulnerable to Heartbleed are less secure than they would be if they simply had no encryption at all. "This allows attackers to eavesdrop communications, steal data directly from the services and users, and to impersonate services and users," explained security group Codenomicon, which discovered the flaw.

Hidden in plain sight

The vulnerability was introduced in 2011, apparently by accident when the opensource code was updated, but the error was only spotted recently. That has raised fears that some attackers may already have been exploiting it to steal information. "Unfortunately it is not clear at the moment that there is any way to know whether this has already happened, since the vulnerability has been around for two years," explains Matthew Bloch, the managing director of hosting company Bytemark.

It is the third serious bug in cryptographic connectivity discovered this year. In February, Apple revealed that a simple programming mistake meant that since September 2013 its iPhone, iPad and newer Mac OS X software all failed to check the security of websites they connected to. It issued a patch for the software in February.

Weeks later a similar flaw was discovered in the open source TLS system, leaving thousands of apps open to eavesdropping. That was reckoned to have been there since 2005.

Stay offline?

For users, the simplest thing to do may be to refrain from engaging in sensitive activities on the internet for a few days. Typical responses to security breaches, such as changing passwords may even serve to exacerbate the problem. While there are tests which will show whether a particular website is vulnerable, checking every site is cumbersome, and the most popular web-based test is suffering under heavy load.



The issue is widespread. "We count at least a few hundred thousand servers using affected library versions so that it poses a significant threat," says Mark Schloesser, a security researcher at penetration testing firm Rapid7. "As the same problem affects other protocols/services such as mail servers and databases, we assume that overall we're looking at millions of vulnerable systems connected to the public internet."

• Yahoo fixes Flickr invitation bug that leaked real names and email addresses