After temporarily shutting down their certificate issuance services in September, GlobalSign released a report on the events that took place after they learned ComodoHacker breached their systems.
The evidence indicates that no root certificate keys and associated Hardware Security Modules (HSMs), Issuing Authorities and associated HSMs, or Registration Authority (RA) services were compromised.
There was also no damage to the certificate authority’s (CA’s) infrastructure.
The company reports that only a peripheral web server hosting the public website was compromised; fortunately, that server was not part of the certificate issuance infrastructure.
They said only HTML pages, publicly available PDF documents and the key and certificates assigned to globalsign.com were exposed to the hacker, and the company revoked the key and the certificate.
Customers were affected between September 6 and 15, when the company temporarily halted issuance. During that period, third-party security solution providers like Fox-IT and Cyber Security Japan analyzed and reinforced the breached infrastructure.
GlobalSign continues to collaborate with authorities while they gather more evidence on ComodoHacker and the other actors involved.
“As one of the longest operating Certification Authorities, the worldwide GlobalSign team is aware of the impact to customers and partners of halting Certificate issuance for any period of time,” read the response from the organization’s executive team.
“The executive team apologizes sincerely for the inconvenience caused when undertaking such an important decision. However, the organization stands by the decision and maintains that the ultimate duty of care for GlobalSign, like all responsible CAs, is to avoid issuance of rogue Certificates.”