On July 2, Google became aware of fraudulent certificates that were incorrectly issued to Google-owned domain names. The certificates were issued by National Informatics Centre (NIC) of India, which is a subordinate certification authority (CA) to Indian Controller of Certifying Authorities (India CCA). The miss-issued certificates could have been used to spoof content, perform phishing attacks or perform man-in-the-middle (MITM)
No company is safe from attack. The sooner businesses realize this, the sooner breach numbers will go down. We review some of the most disrupting breaches of the past few years to see what we can learn.