TurkTrust
January 1, 2012
2
Confirmed
Misconfiguration
Technology
A Turkish certificate authority mistakenly issued two intermediate CA certificates to untrusted users, giving them the power to create a certificate for any domain. For the third time in two years, an incident at one of the hundreds of certificate authorities that underpin the security of the Internet allowed a group, or in this case a machine, to pose as a legitimate online service provider. In a statement posted Jan. 3, Google announced that its Chrome browser "detected and blocked an unauthorized digital certificate" for its domain on Dec. 24. The online services giant provided few details, but traced the certificate back to a legitimate provider of digital encryption and certificate products, TurkTrust. Google updated its Chrome browser to revoke both the two powerful certificates that had been mistakenly issued and the certificate created for its own domain. "Intermediate CA certificates carry the full authority of the CA, so anyone who has one can use it to create a certificate for any Website they wish to impersonate," Google stated as an explanation of its actions.