(NEWSER) – A major flaw in one of the Internet's chief security methods has exposed users' confidential information to hackers for the last two years, security researchers revealed Monday night. The "Heartbleed" bug affects the OpenSSL security protocol used by some two-thirds of websites to protect sensitive data as it moves back and forth. Major websites are scrambling fix the problem (Yahoo did so yesterday), reports the BBC, but experts suggest users change their passwords as soon as they are sure the sites they use are secure—or even avoid the Internet for a few days. "I would change every password everywhere," one tells the AP.

Read the full story on Newser.com