The faulty code allows anyone to read the memory of systems which use the popular OpenSSL software. It was written by a German, Robin Seggelmann from Münster, in 2011 while he was working on the code in his spare time.
Seggelmann said the code was a mistake which was made while trying to improve OpenSSL.
In an email to Spiegel Online he described the mistake as “fairly trivial”.
Seggelmann’s code was incorporated into the finished software and remained unnoticed for more than two years.
The SSL encryption is used by a variety of websites, email services and chat programs and is one of the building blocks of security log-ins.
But the bug allows attackers to steal important data from encrypted connections. Users have been advised to change all their passwords.
Google announced that its own internet search, email service and YouTube had been secured with updates. Banks also had to close security holes in their systems.