Today, Mar. 4, seems to be the best day to lessen your internet consumption, as reports said that a leading non-profit certificate authority accidentally leaked millions of security certificates of the most visited websites all over the world. Yup, Facebook and even Google might be part of this long list of unsecured websites due to the security failure.
Hack warning! March 4 is NO Facebook or Google Day because of this security threat
As reported by the BBC, most of the well-known websites that you visit every day might be unsafe to use today. This is because the well-known free certificate authority Let's Encrypt said that it would revoke three million Transport Layer Security (TLS) certificates on Wednesday, Mar. 3.
"Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of your certificates. To avoid disruption, you'll need to renew and replace your affected certificate(s) by Wednesday, Mar. 4. We sincerely apologize for the issue."
Digital certificates are one of the most important details in creating websites. They contain small pieces of code, created with complicated engineering, which assure that devices and sites work in harmony and in an encrypted manner so that hackers cannot easily enter the system. Every time a certificate distributor releases these digital certificates, they are valid only for a limited time before they expire.
Once the certificate is gone, the millions of websites left without security certificates might be open and more prone to hacking, and may not easily protect their sensitive data.
No worries, though: if you happen to open a website whose certificate was revoked, the website will flash a warning saying that the site is 'insecure' and that it may affect your personal data once used for a long time.
Which websites will be affected by the breach?
Unfortunately, Let's Encrypt did not list all the websites that are now prone to internet hacking due to the security failure. However, the company is said to have high-profile backers like Facebook, Google, and Cisco.
Though it is not yet verified whether these popular websites were part of the certificate revocation, users might have to be careful about using them today.
Clients of Let's Encrypt are not happy with this
Most of the clients of Let's Encrypt said that they are not satisfied with how the company handled this massive security breach. In interviews with ThreatPost, certificate owners said they were disappointed with the company, since they were given only 24 hours to fix and update their digital certificates.
"I manage 200 domains across 20 servers and have until the end of the day to fix the problem," said Mark Engelhardt, IT consultant with Intuitive Engineering, in Montpelier, Vt. "Let's Encrypt did not handle this in an ideal fashion at all."
Let's Encrypt executive director Josh Aas explained that the 24 hours allotted to fix the bug were dictated to them, and that they need to follow that timeline so that most websites are secured immediately.
"There are certainly some hardships here, and we recognize that. But, the timeline in which we are operating is dictated to us," Aas said. "We have a certain amount of time after we learned about an incident to respond."