The U.S. National Security Agency knew about the so-called Heartbleed bug for at least two years – and often used it to gather information.

Sources say the N-S-A used Heartbleed to obtain passwords and other basic data – but also left millions of ordinary users vulnerable to attack from spies and criminal hackers.

The N-S-A decision to keep the bug secret in pursuit of national security interests threatens to renew the heated debate over the role of the government’s top computer experts.

Heartbleed appears to be one of the biggest glitches in the internet’s history.

It’s a flaw in the basic security of as many as two-thirds of the world’s websites.

Here in Canada the federal government has shut down many of its web sites over concerns about Heartbleed.