Yet another certificate authority (CA) has added its name to the list of CAs hacked this year.
Gemnet, a subsidiary of KPN, took its Website taken offline as it investigates the attack. According to a statement by KPN, the “hack of the site has no connection with the issuance and management of Government PKI certificates.”
The incident was made public in a report by Webwereld, which reported that the attacker was able to hack gemnet.nl through a phpMyAdmin installation that was not protected by a password. Though few details have been released so far by the company, KPN said the attackers compromised a server. The company is investigating the incident, and said the hacker only had access to “general visitor information.” In the meantime, the Gemnet Website remains down.
This is one of a number security incidents involving CAs this year. Last month, KPN temporarily stopped issuing certificates after concerned were raised about a possible breach. In March, an attacker hit a Comodo affiliate registration authority and stole the username and password for a trusted Comodo partner. Five months later, certificate authority DigiNotar admitted it had been hacked earlier in the year. In the ensuing fallout, browser vendors revoked hundreds of bogus SSL certificates that were issued by DigiNotar. The situation ultimately forced the company to declare bankruptcy in September.
