Product Reviews
Take Action

Fight for Fair Finance

Tell the administration and Congress to stand up for the consumer watchdog that protects you from financial fraud and abuse.
Take Action
Why Do We Have Campaigns?
We're fighting to ensure you and your family can get a fair deal in the marketplace, especially on the choices that matter most: health care, privacy, automobiles, food, finances and more. Join our campaigns and together, we'll hold corporations and lawmakers accountable.

Verisign hacked in 2010: Are you in danger?

Consumer Reports News: February 03, 2012 12:08 PM

Reuters reported yesterday that Verisign, an Internet infrastructure company that manages the .com" ".net" and .gov" website addresses, was hacked in 2010. Should you be concerned?

According to the report, the 2010 security breach was hidden from Verisign executives until last September. But the data break-in was reported in the company's quarterly earnings report to investors, as required by changes in U.S. Securities and Exchange Commission regulations that went into effect in October of 2011.

But what worries most security experts is the still-undisclosed damage and risks that the nearly two-year old hack may pose. "We need an environment where companies have an incentive to disclose these things," said Jeff Fox, Consumer Reports' privacy expert. "Affected companies need to disclose not only the breach but the damage to consumers."

For example, it's still unknown whether data from the DNS servers has been taken. With DNS information, which translates a website's name (such as "") to the proper numerical Internet address, criminals can redirect consumers' browser requests and send them to malicious websites instead.

And until August 2010, Verisign was also a provider of so-called Secure Socket Layer (SSL) certificates—the online code Web browsers look for when connecting users to sites, such as banks, that begin with "https" instead of the usual "http." Symantec, which now owns the Verisign SSL database, did tell Reuters that "there is no indication" the 2010 Verisign breech is tied to the SSL system.

To keep personal data safe while using the Internet, see Consumer Reports Guide to online security.

Key Internet operator VeriSign hit by hackers
VeriSign Hacked: What We Don't Know Might Hurt Us [PC World]
Why Are We Only Finding Out About the VeriSign Security Breach Now? [Time Techland]
VeriSign admits it was hacked repeatedly in 2010, staff didn't tell senior management [Sophos Security blog]
VeriSign 2010 Hack: DNS Data Theft A Possibility [Information Week]

Paul Eng

E-mail Newsletters

FREE e-mail Newsletters! Choose from cars, safety, health, and more!
Already signed-up?
Manage your newsletters here too.

Electronics News


Cars Build & Buy Car Buying Service
Save thousands off MSRP with upfront dealer pricing information and a transparent car buying experience.

See your savings


Mobile Get Ratings on the go and compare
while you shop

Learn more