"The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said..."
Massive OpenSSL Bug 'Heartbleed' Threatens Sensitive Data
By Danny Yadron Updated April 8, 2014 7:29 p.m. ET

Security Advisory: Heartbeat overflow issue

NSA Said to Exploit Heartbleed Bug for Intelligence for Years - Bloomberg
By Michael Riley Apr 11, 2014 6:14 PM CT

U.S. Denies Knowledge of Heartbleed Bug on the Web
By DAVID E. SANGER and NICOLE PERLROTHAPRIL 11, 2014