Security researchers say the bug, which affects software used by two out of every three web servers, made personal info vulnerable to attackers.