NEW YORK (AP) — Passwords and other sensitive data are at risk after security researchers discovered a problem with an encryption technology used to securely transmit email, e-commerce transactions, social networking posts and other Web traffic.
The problem was found in OpenSSL, a technology that is the basis for encrypting Web traffic. Researchers say that OpenSSL is used by two of the most widely used Web server software, Apache and nginx. That means many websites potentially have this security flaw.
Researchers say the technology is also used to secure email, chats and virtual private networks, which are used by employees to connect securely with corporate networks.
The flaw was discovered independently by researchers at Google and the Finnish security firm Codenomicon.
A fix is available, but websites and service providers must install the update.