years, due to a flaw in software used to encrypt and transmit personal data.

Shin Se-min reports.

Millions of passwords, credit card numbers and other sensitive information may be at

risk from "Heartbleed," a security bug in an obscure kind of software.

The bug was accidentally added to software called OpenSSL that sets up an encrypted data

channel between computer users and a website's remote server.

A small padlock icon appears on websites using OpenSSL to reassure users, but the so-called

"Heartbleed" loophole could have left it open to exploitation by hackers.

A Finnish online security firm and Google Security, who disclosed the threat, say the

glitch went undetected for at least two years. Security experts are advising the public to

upgrade their own security practices and change all their passwords.

Experts fear hackers may have already been exploiting the problem before its discovery.

The Canadian Revenue Agency even shut off all its access to its online tax services,

because the "Heartbleed" bug has made data on major websites vulnerable.

Fortunately, most major Web services such as Google, Yahoo, Facebook and large banks

say they have already applied fixes to the affected servers and services.

However, it could be days or weeks before smaller websites that rely on OpenSSL fix

the issue. Because a "Heartbleed" attack leaves no trace

behind, and the potential damage is significant, websites that use OpenSSL are advised to act

as though they've been compromised. The extent of damage from the bug remains

unknown. Shin Se-min, Arirang News.