
Hackers Looking at Expired and Stolen Certificates to Spread Malware


Written By
Sue Poremba
Jun 27, 2013

Opera Software has become the latest company to suffer a security breach due to an expired digital certificate.


On June 26, Opera released an advisory statement about the breach that was discovered on June 19, stating in part:

The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser.

While this kind of attack doesn’t generate the same press as a DDoS attack or other types of breaches, hackers are increasingly using stolen and/or expired certificates to spread malware. And, as Jeff Hudson, CEO of Venafi, told me in an email, it is a surprisingly easy way for the hackers to break in:

Organizations’ failure to control and protect cryptographic keys and certificates, the foundation of digital security and online trust, leaves the front doors open for attackers to enter at will and pilfer whatever sensitive data they want, whenever they want. The Opera Software security breach paints a clear picture of how a single digital certificate can be misused to allow a malicious actor to penetrate a network, go undetected and carry out their nefarious activities without working up a sweat.

It looks like the hackers may have the advantage in this type of breach. A Ponemon Institute study released earlier this year found that 51 percent of organizations don’t know how many digital certificates and keys are in use. According to the study, that number averages over 17,000. Attacks that take advantage of those unknown, expired, or forgotten certificates can cost enterprises an average of $35 million every two years.

As Hudson told me:

Unplanned outages from expired certificates can no longer be viewed as an inconvenient IT operations issue, rather these common outdates are symptomatic of much larger security vulnerabilities. It’s become clear that certificate-based attacks have become the attack vector of choice. Organizations must implement effective controls to ensure the safety of their network.


Sue Poremba is a freelance writer based in Central PA. She's been writing about cybersecurity and technology trends since 2008.
