In April 2014, the Heartbleed vulnerability hit the internet by surprise. Heartbleed was the name given to the CVE-2014-0160, which was a simple to exploit in Open SSL that allow attackers to view cryptographic keys, login credentials and other private data. Open SSL was one of the most widely used secure (supposedly) transports on Apache and Nginx web servers.
It is estimated that up to 55% of the Alexa Top 1 Million HTTPS-enabled websites were open to the vulnerability at the time of its announcement. This software security flaw affected Bitcoin clients and exchanges, Android devices, email servers, firewalls made by big names like Cisco and Barracuda, and millions of websites. How was this bug found? By Google and Codenomicon security engineers running scans and testing OpenSSL.