According to the post below:
http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
It's likely the NSA has been fully aware of OpenSSL's vulnerabilities and has been exploiting its existence - without making others aware of this issue - in order to continue gathering intelligence in what is probably their most successful form of private information harvesting given that they would have been able to do so from a large amount of high-profile, high-traffic websites that would most likely have been vulnerable for a while now.
Oh no, now the world is going into great depression.
I am still trying to figure out how this is a surprise?
remember when they said "we're doing it all for security"
Well, they can't say that anymore.
All the voices that proclaimed that the NSA was making us less secure have been proven right. Because knowingly leaving the internet-infrastructure vulnerable to such a degree is reckless endangerment of the most serious kind. They demonstrate clearly that they are not on our team.
If the NSA did not know about this enormous gaping IT-sec hole, they ought to be shut down on incompetence alone. If they can't even compete with common criminals who evidently managed to find out...