Ellis wrote that Akamai's code did not protect three of six critical values of an RSA key, which is a long number generated by an algorithm and is used to create an encrypted connection. Those values could be exposed by exploiting the Heartbleed bug, which could allow an attacker to calculate the private key, he wrote. The company is evaluating other claims made by Pinckaers.
With a private SSL key, it's possible for a hacker to set up a fake website that passes a cryptographic security verification. It would also allow for a man-in-the middle attack, where encrypted traffic is intercepted and read.
Ellis wrote that issuing new SSL keys and certificates may be fast in some cases, but those that require extra validation with certificate authorities may take longer.
Akamai could not be immediately reached for further comment on Sunday.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk