The US government and intelligence agencies have denied that the NSA knew about and exploited the Heartbleed security hole to overcome encryption software and gather private information.
The denials follow a report from Bloomberg, citing two well-placed unnamed sources, that the NSA was aware of the bug for two years, and used it to gather passwords and other information in hacking operations.
"Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong," the White House National Security Council spokeswoman, Caitlin Hayden, said in a statement. "This administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable internet."
The discovery of the bug prompted the Department of Homeland Security to advise businesses to check their servers to see if encryption software called OpenSSL was being used, which has glitches that can be exploited by the bug for email passwords and other private information.
It is used by companies including Yahoo, Facebook and Google.
An NSA spokeswoman, Vanee Vines, said in a separate statement: "NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report."