COLORADO SPRINGS, Colo. -

Security researchers say millions of Internet surfers may have had their passwords, credit card numbers and other sensitive bits of data exposed by computer hackers.

The flaw, codenamed "Heartbleed", may have gone undetected for more than two years before being discovered recently. It affects the kind of encryption technology most of us rely on to protect online accounts for everything from email to social media to online shopping and banking.

There is now a way to close the security hole, and most major websites, including Facebook, Google and Amazon, have fixed the problem. But computer security experts suggest that's the electronic equivalent of locking the barn door long after the cows have escaped.

"Am I surprised? A little bit," said Craig Smith, chief cyber intelligence officer with Shepherd & Smith Cyber Intelligence Group.  "But at the same time, any technology can have a flaw in it."

Smith said the significant breach is a reminder to web users that exploits, coding mistakes and security problems are a repercussion of the digital age.  

As far as the Heartbleed flaw goes, Smith said there's not much a consumer can do to fix the problem.  The fix has to come from the website itself.  But Internet users can take steps to protect themselves.

"What I would recommend is consumers change their passwords now," Smith said.  "Change their passwords within two weeks and then change their passwords one month from now.  So that's three password changes. By then, this patch should be remedied across the board."

Smith said you should never use the same password for multiple websites, and recommends using as many characters as possible.

"You can have something like a book by your desk and you could take several sentences or paragraphs out of that book and make that your password," he said.  "Only you would know what page it's on."

Smith added that you should add numbers and symbols and include both capital and lowercase letters.  He recommended the app Secure Safe to store multiple passwords.

Most major banks have fixed the security flaw. If you've shared personal information with a small, local bank or business online, Smith recommends calling it to double-check whether the bank or business implemented the patch. In addition, Smith recommends checking your bank statement often to look for any discrepancies.