Computers vulnerable to the Heartbleed bug are actively being targeted online, say security experts.
However, it is not yet clear whether the scanning efforts are benign or are the work of cyber-thieves keen to steal data, they say.
The news comes as some security professionals and developers advised people to change all their passwords. But Google said that logins for its services did not need to be reset unless they were used on other sites.
That contradicted advice from Yahoo’s blogging platform Tumblr and the developers of the app If This Then That who have told users they should change their passwords “everywhere”.
“This is not the first defect of its kind and it certainly won’t be the last, but it is one of the more serious faults we’ve seen in recent internet history,” said Mr Lyne.