More than five million companies were left vulnerable to potential fraud due to the bug, which left criminals free to change the confidential data of other businesses.