Update 5:36 p.m. EDT:
The White House is denying the Bloomberg report.
A National Security Council spokesperson said, "This administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL."
The U.S. National Security Agency has been aware of the Heartbleed security flaw for at least two years and routinely exploited it for intelligence-gathering purposes, Bloomberg News reported.
NSA kept its knowledge of the Heartbleed bug secret in order to exploit the flaw for national security purposes and interests, obtaining passwords and other data. That left computer servers and Internet users exposed to attacks from others who may have known about the existence of the security flaw, such as hackers and other intelligence agencies from other countries.
This latest development in the Heartbleed bug comes less than a year after the NSA’s massive secret intelligence gathering program, PRISM, was exposed by The Guardian in June, sparking an international debate about privacy and security on the Web.
The Heartbleed bug, which was disclosed this week, has sent the Internet scrambling to secure websites, hardware and software, and was inadvertently introduced into OpenSSL coding accidentally two years ago, slipping under the radar of security analysts and programmers.