Stories from the edge. 

Life and limb with a dash of infosec and litigation support. 

Report: NSA Knew About Heartbleed Bug for 2 Years and Said Nothing

Posted by Sid Newby

Apr 20, 2014 6:08:41 AM

The NSA knew about the Internet security bug Heartbleed and regularly used it to gather intelligence for at least two years, anonymous sources told Bloomberg.

If the report is true — both the White House and the NSA say it's not (see below) — the NSA could have collected information like passwords and private communications from hundreds of thousands of websites, since Heartbleed is a bug in the popular open-source encryption software OpenSSL, used to secure data flowing from users' computers to hundreds of thousands of websites, including Gmail and Facebook. Almost two-thirds of all sites on the Internet use OpenSSL, according to estimates, making this bug possibly one of the most dangerous the Internet has ever seen and potentially allowing the NSA to access information on millions of users.


Roughly two hours after Bloomberg's report was published, the NSA and the White House denied the allegations in statements sent to Mashable.

"NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report," an NSA spokesperson wrote in a statement to Mashable. "Reports that say otherwise are wrong."

The White House National Security Council Spokesperson Caitlin Hayden also said that neither the NSA nor any other federal agency knew about the Heartbleed bug.

"If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL," Hayden said in the statement.

Read More at Mashable:
