Washington, April 17 (RHC)-- The U.S. National Security Agency has reportedly known of the massive new Internet bug "Heartbleed" for several years — and even adopted it for its own use. Bloomberg News reports the NSA was made aware of Heartbleed in early 2012.

Reports say that the bug leaves private web information open to theft by hackers, including passwords and browsing history. Instead of reporting Heartbleed to repair its flaws, the NSA apparently began using it as a means to steal passwords.

The NSA has denied the report, saying it wasn’t aware of the Heartbleed vulnerability until it became public this month. If confirmed, the use of Heartbleed would apparently fall under a newly revealed exemption for the NSA’s handling of Internet security flaws.

According to The New York Times, President Obama has exempted the NSA from disclosing major Internet bugs in cases where "a clear national security or law enforcement need" would justify keeping it secret.