The majority of websites have been made vulnerable by a major flaw in internet security which has gone undetected for two years.
The fault, dubbed the Heartbleed bug, has left 66% of sites – including Google, Amazon, Yahoo and Facebook – open to devastating attacks by hackers.
Millions of people were yesterday urged to change their passwords to protect sensitive details – such as log-in codes, emails and banking data – from being stolen.
But because the attacks leave no trace, it is unknown how much personal information has already been stolen.
Security expert Bruce Schneier said: “On a scale of 1 to 10, this is an 11. The right word is ‘catastrophic’.”
Researchers at Google, who discovered the CVE-2014-0160 bug on Monday, say it is a coding error in software, popular with e-commerce sites.
OpenSSL encryption allows people a secure line so they can email, chat and shop securely.
Users see a little padlock icon appear in their web browser search bar, which indicates sensitive data is protected.
But hackers can use the Heartbleed bug to essentially grab at information a computer thinks it is hiding.
Tony McDowell, of Encription Ltd which advises the Government’s online security unit at GCHQ, said: “This is ‘Day Zero’.
Tech giants spot the issue and fix it – but there’s a gap when everyone is vulnerable.”
Ollie Whitehouse, of cyber security firm NCC Group, added: “Someone with a moderate level of technical skills can launch successful attacks. It is prudent for the public to change their passwords.”
Google warned some firms about the bug before making it public so they could update a new version of OpenSSL.
But it appears rival Yahoo was not included. Its blogging site Tumblr said: “Change your passwords everywhere.”
A Yahoo spokeswoman said: “We have successfully made the appropriate corrections across main Yahoo properties.”
Amazon said: “With the exception of a small number of services, we have determined our services were either unaffected or do not now require customer action.”
The Heartbleed bug could affect banking, shopping and dating websites as well as email services.
Last night, Lloyds, NatWest and the Royal Bank of Scotland said their websites were not vulnerable to attack.
Follow us: @DailyMirror on Twitter | DailyMirror on Facebook
PC Workshop for all your PC problems ring 01925 713359
This is reprinted courtesy of the Daily Mirror