The flaw, dubbed “Heartbleed”, could reveal anything which is currently being processed by a web server – including usernames, passwords and cryptographic keys being used inside the site. Those at risk include Deutsche Bank, Yahoo and its subsidiary sites Flickr and Tumblr, photo-sharing site Imgur, and the FBI.
About half a million sites worldwide are reckoned to be insecure. “Catastrophic is the right word,” commented Bruce Schneier, an independent security expert. “On the scale of 1 to 10, this is an 11.”