(Image source from: Heartbleed bug affecting encryption)

A startling lapse in Internet security has put millions of passwords, credit card numbers and other sensitive information at potential risk of theft by hackers.

A bug called “Heartbleed” attack has hit the encryption technology that secures online accounts for emails, instant messaging and a wide range of electronic commerce.

Security researchers are worried about the extent of the breach as the bug has gone undetected for over two years now.

“Although there is now a way to close the security hole, there are still plenty of reasons to be concerned,” said David Chartier, CEO of Codenomicon.

The bug was discovered by a small team from the Finnish security firm as well as another Google Inc. researcher.

“I don’t think anyone that had been using this technology is in a position to definitively say they weren’t compromised,” Chartier said.

Computer security experts are advising all to change all their online passwords.

“I would change every password everywhere because it’s possible something was sniffed out,” said Wolfgang Kandek, chief technology officer for Qualys, a maker of security-analysis software. “You don’t know because an attack wouldn’t have left a distinct footprint.”

But changing the passwords won’t help until the affected services install the software to fix the breach. Internet services affected by Heartbleed have to aware their users about the potential risks and alert them after “Heartbleed” has been fixed so they can change their passwords.

AW: Suchorita Choudhury