On Monday afternoon, the open-source OpenSSL project released an emergency security advisory warning of “Heartbleed,” a bug pulls in private keys to a server using vulnerable software, allowing operators to suck in data traffic and even impersonate the server.

As described by the Verge, Heartbleed “allows an attacker to pull 64k at random from a given server's working memory. It's a bit like fishing — attackers don't know what usable data will be in the haul — but since it can be performed over and over again, there's the potential for a lot of sensitive data to be exposed. The server's private encryption keys are a particular target, since they're necessarily kept in working memory and are easily identifiable among the data. That would allow attackers to eavesdrop on traffic to and from the service, and potentially decrypt any past traffic that had been stored in encrypted form.”