VeriSign, the company responsible for the integrity of Web addresses ending in .com, .net and .gov and delivering people safely to more than half the world's Web sites, has finally revealed security breaches dating back to 2010.
According to a Reuters report on Thursday, the company had been hacked repeatedly by outsiders, who stole "undisclosed information" from it. Its executives "do not believe these attacks breached the servers that support its Domain Name System network", but the company will not rule anything out, it added.
The attacks were revealed in a quarterly U.S. Securities and Exchange Commission filing in October, after new guidelines on reporting security breaches to investors were introduced, the report stated.
Commenting on the breach, Stewart Baker, former assistant secretary of the U.S. Department of Homeland Security, told Reuters: "Oh my God. That could allow people to imitate almost any company on the [Internet]."
He added that based on the description of the attacks by VeriSign in the filing, it will lead people to "assume that it was a nation-state attack that is persistent, very difficult to eradicate and very difficult to put your hands around, so you can't tell where they went undetected".
VeriSign declined Reuters' requests for interviews, although senior employees intimated that they had not been given any details beyond those published in the report.