Anchored by Jake Tapper, The Lead airs at 4 p.m. ET on CNN.
A look at Obama's immigration plan. Plus, how long Takata knew of problems with its airbags.
(CNN) – It's probably a good time to update your passwords. An encryption bug known as "Heartbleed" hit the headlines this week. Experts are calling it of one of the biggest security threats the internet has ever seen.
It's a loophole that may have left two-thirds of websites vulnerable to attack, and if that's not alarming enough, it appears the National Security Agency may have known about this bug for two years, without saying a word.
Indeed, the NSA actually used the encryption flaw to gather intelligence, according to Bloomberg News.
The White House denies that is the case.
"NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private sector cybersecurity report," a national intelligence official tells CNN.
"If the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL," according to the official.
Several programs were jeopardized by "Heartbleed," including Facebook, Gmail, Pinterest, YouTube, tumblr, Netflix, and even some Amazon services.
By now, most sites that were vulnerable to the flaw say they've patched it.