Hackers may have been intercepting web passwords and browsing history for the past two years because of a bug in widely used web encryption technology.