San Francisco - Millions of web users faced internet havoc Wednesday after security researchers revealed that a newly-discovered bug dubbed "Heartbleed" has made data on many of the world's major websites vulnerable to theft by hackers.
The bug - which represents one of the most serious global security flaws revealed in recent years - makes it possible for hackers to retrieve code from websites that would give them access to other information, including user data and passwords.
Tumblr, the popular social network owned by Yahoo called on its users to change their passwords, in one of the highest-profile admissions of vulnerability.
"The little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit," Tumblr said in a statement on Tuesday.
Since news of the security flaw reached the public domain late on Monday, thousands of websites have been reviewing their servers to see if they were using vulnerable versions a type of software known as OpenSSL.