A few days after the public learned about Heartbleed, reports are surfacing that the U.S. National Security Agency knew about the flaw for years.
According to Bloomberg, the NSA knew for at least two years about Heartbleed and regularly used it to gather critical intelligence, two people familiar with the matter said.
In a statement to the Huffington Post, the Office of the Director of National Intelligence said the reports are untrue.
“NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private sector cybersecurity report …. Reports that say otherwise are wrong.”
However, the NSA reportedly devotes millions of dollars to hunt for common software flaws that are critical to stealing data from secure computers.
Heartbleed is reportedly one of the biggest glitches in internet history.
The bug affected nearly two-thirds of the world’s websites and security experts are urging users to change their passwords immediate if you have an account with these websites.