The flaw came to light by analysing more than seven million public keys which are used to secure online transactions, email messages and other web services.
The researchers discovered that a flaw in the process for generating random prime numbers – a critical component of the public key encryption – resulted in thousands of public keys sharing common prime numbers.

"What surprised us most is that many thousands of 1024-bit RSA moduli, including thousands that are contained in still valid X.509 certificates, offer no security at all," the research paper states.