'Heartbleed' bug exposes sensitive information to potential hackers

SAN FRANCISCO

Major sites are scrambling to correct a flaw that could put personal information like passwords, credit card numbers and other sensitive bits of information at risk.

The threat, known as "Heartbleed", affects sites that use an open source encryption technology that is supposed to protect online accounts for emails, instant messaging and a wide range of electronic commerce.

"Heartbleed" is particularly troubling because it went undetected for more than two years.

A Google Inc. researcher and an independent Finnish security firm discovered the bug last week, and a fix has already been created.

Google, Facebook, Yahoo and Amazon say they've taken steps to secure their sites. It could take the smaller websites months to make the fix.

Computer security experts are advising people to consider changing all their online passwords.

"I would change every password everywhere because it's possible something was sniffed out," said Wolfgang Kandek, chief technology officer for Qualys, a maker of security-analysis software. "You don't know because an attack wouldn't have left a distinct footprint."

But changing the passwords won't do any good, these experts said, until the affected services install the software released Monday to fix the problem. That puts the onus on the Internet services affected by Heartbleed to alert their users to the potential risks and let them know when the Heartbleed fix has been installed so they can change their passwords.

For more information on how to protect yourself, visit www.heartbleed.com.

The Associated Press contributed to this report.

Copyright © 2024 KABC Television, LLC. All rights reserved.