It is certainly possible (maybe even probable) that in the past two years — since the creation of the «
Heartbleed» code — a malicious hacker or espionage organization has been collecting and
exploiting the
vulnerability, but there isn't currently any evidence that this happened to anyone.