I reached out to Netlock when we were made aware of this attack. I don't believe that this constitutes an "incident" as defined in the Mozilla Root Store Policy, so I haven't requested that anything be filed. Here is Netlock's explanation:
In the early morning of the 19th of February 2022 (Saturday), Netlock Ltd. noticed that we were the target of cyber attacks. The attacks targeted the web frontend of our DVSSL service. Based on our internal findings, the hacker attacked our website (onlinessl.netlock.hu), but it didn’t have an effect on the issuance of SSL certificates. Our certificate issuing service which is on a separate network segment was thus unaffected. We double-checked the certificates issued in the previous weeks and found no irregularities in our signed audit logs. We informed our customers in due course, to ensure their safety, that among the potentially affected personal data there were password hashes for accessing the onlinessl.netlock.hu website. For this reason, we forced a reset for all passwords on onlinessl.netlock.hu. The onlinessl.netlock.hu webpage provides only limited administrative functions, mostly related to payment and invoicing.

Ben

On Mon, Feb 28, 2022 at 3:55 AM Michel Le Bihan <[email protected]> wrote:

> Hello,
>
> On https://onlinessl.netlock.hu/ website I saw
>
> In the early morning of 19. February 2022 (Saturday), Netlock Ltd. was the target of a cyber attack. We had been targeted by smaller attacks on the days prior. Upon noticing the attack, we immediately started the investigation of the events. The analysis of the underlying reasons and events is ongoing. Based on our internal findings, the attack was carried out with the involvement of multiple international locations. Netlock notified all the relevant authorities and filed a report with the police against an unknown suspect.
>
> We informed our customers in due course, and ensured their safety. Among the potentially involved personal data there were hashed individual passwords used on the onlinessl.netlock.hu website. Thus, we forced reset all passwords on onlinessl.netlock.hu. The onlinessl.netlock.hu webpage provides only limited administrative functions. At this point, our ongoing investigation suggests that the onlinessl certificates were not compromised.
>
> However, I didn't see any related incident reported on Bugzilla nor here.
