A DigiNotar spokesman has admitted to Computerworld “several dozen” certificates had been acquired by the attackers.
But Hans Van de Looy, principal security consultant and founder of Madison Gurka, a Dutch security company claims the figure was closer to 200 and include ones valid for mozilla.com, yahoo.com and torproject.org.
A big cheese at the Mozorella Foundation has confirmed that a certificate for its add-on site had been obtained by the DigiNotar attackers and they have been revoked.
DigiNotar discovered the network breach on July 19, and has confirmed intruders issued themselves valid certificates for a number of domains and revoked them.
It is not clear how much damages the hackers did, or if it could still use the certificates to stage credible phishing attacks.