Software used by millions of web servers, retailers, operating systems, email and instant messaging services has been accidentally infected by The Heartbleed Bug for around two years, it turns out.
Aside from having the most post-hardcore name a serious web vulnerability has ever had, the bug could allow shady internet types to steal encrypted information from OpenSSL software that is usually (and should be) protected.
It lets them read system memories containing the encryption keys, which meant that they could de-scramble names, passwords, credit card details and even things like email content. To add to the panic, the bug doesn't leave any trace of where it's been or what it has done, so there's no way of knowing how many people have been affected.
The Heartbleed Bug basically means that a whole lot of "secure" web services are not actually all that secure right now - Netcraft's research indicates that around half a million of the internet's services could have been affected.
Systems confirmed to be affected include Imgur, OKCupid, Eventbrite and the FBI's website.
Fix up, look sharp
A fix to the OpenSSL, known imaginatively as Fixed OpenSSL, has been released and is currently being rolled out by the companies that sell and manage the web-software but it's likely to take some time before all services are secure again.
Any services that have been affected by the breach should be contacting customers to let them know if they may have been affected - changing your password before the fix is implemented is unlikely to help.
If you're dealing in sensitive information online, the soundest advice is to stay offline for a few days.
Update: Yahoo sent TechRadar the following statement regarding its Heartbleed Bug eradication:
"A vulnerability, called Heartbleed, was recently identified impacting many platforms that use OpenSSL, including ours. As soon as we became aware of the issue, we began working to fix it. Our team has successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr) and we are working to implement the fix across the rest of our sites right now. We're focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users' data."
Article continues below