The bug itself may be called “Heartbleed,” but what should really get your blood pumping is the potential loss of your members' personally identifiable information, including credit card data and passwords.

The bug, which has been on the Internet undetected for roughly two years, did not attack individual websites or companies like recent hacks into the systems of Target, Mt. Gox, and others. Instead, Heartbleed exploited a flaw in the code that was designed to keep servers secure.

Tens of thousands of servers that house data for thousands of websites could be affected by the bug. In essence, all Internet users who conduct business transactions or even have passwords saved on websites could be affected.

Finnish security firm Codenomicon, which helped discover the bug, said this could be one of the worst invasions of privacy in Internet history.

“This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content,” the firm said. “This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”

The firm said it tested the exploitable code on its own servers, and it was able to enter and leave without a trace. Those who made the popular code, OpenSSL, released a fixed version that does not have this vulnerability, although widespread adoption may take some time. In one key instance, Yahoo confirmed to Reuters that Yahoo Mail was vulnerable to the bug, but a spokesman said all major Yahoo sites have been patched since the bug's discovery.

It's currently unclear whether the security bug has been exploited on a widespread basis. As Lindsey Bever of the Washington Post wrote, “It's as if someone went on vacation not knowing the lock on the front door was broken. Could someone walk in? Yes. Will they? Did they? Who knows?”
