KPN has become the latest company to halt its SSL certificate operations following the discovery of a security breach – in this case, an intrusion that took place four years ago and remained undetected.
On Friday, KPN said it would temporarily stop issuing certificates while it carries out an investigation, the results of which are expected early this week.
False SSL certificates could be used to trick a user into revealing sensitive data via a website that appears to be secure.
“During an investigation into the SSL web server, evidence was detected that could indicate an incident four years ago,” KPN said in a statement.
The intruders appeared to have intended to make use of the server to launch distributed denial of service (DDoS) attacks against other organisations, KPN said.
“Although there is no evidence that certificate production was compromised, it cannot be completely excluded that this may have happened,” KPN stated.
The company said it has replaced the affected web servers and has brought in independent investigators who are looking into the matter, with the oversight of the Dutch government.
The incident follows security breaches at several SSL certificate authorities (CA) this year, including DigiNotar, another Dutch firm, which resulted in the issuance of at least 500 false certificates for websites such as Gmail, Skype, Adobe, the CIA, MI6, Facebook, Twitter, Tor, WordPress, Mossad, AOL and LogMeIn.
Many web browser makers removed DigiNotar from their lists of trusted authorities and the company itself filed for bankruptcy in September as a result of the attack.
Ironically, KPN said at the time that it had seen a boost in its own certificates business as a result of the DigiNotar attack.
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…