The National Security Agency (NAS) have denied that they were aware of the Heratbleed bug before the security flaw was made public.
Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report.
The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services.
If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.
– Spokesperson Caitlin Hayden, US National Security Council
The denial follows claims the NSA had known about the flaw for up to two years.
Larry Zelvin, a Department of Homeland Security official who runs an agency centre that monitors and responds to emerging cyber threats said on his White House blog:
"While there have not been any reported attacks or malicious incidents involving this particular vulnerability at this time, it is still possible that malicious actors in cyberspace could exploit unpatched systems."
Finnish security firm Codenomicon has set up a dedicated website to give people information about the Heartbleed bug, a glitch in the OpenSSL security product that may have put internet users' personal data at risk.
It comes after the firm, along with Google Security, revealed earlier this week that the bug had gone undetected for two years and could be used by hackers to steal sensitive information such as passwords.
Several technology companies have urged the public to reset their passwords amid fears of a major security problem with a product used to protect people's personal data.
The Heartbleed bug affects OpenSSL, which many companies use to protect sensitive information, including people's password.
A small padlock icon appears on websites using OpenSSL to reassure users, but the loophole in the programme could have left it open to exploitation by hackers.
Blogging platform Tumblr posted a public notice about the bug, advising users to "take some time to change your passwords everywhere - especially your high-security services like email, file storage, and banking".
Finnish security company Codenomicon also said it would be "a good idea" to change potentially vulnerable passwords.