Skip to main content
banner image
venafi logo

Airbnb Customers Lose Sleep over Certificate-related Outage

Airbnb Customers Lose Sleep over Certificate-related Outage

airbnb certificate outage
January 20, 2017 | Scott Carter

Earlier today, an Airbnb customer tweeted that an expired certificate was blocking access to the company’s website. It’s bad enough for an organization to lose business due to a completely avoidable cause. But it’s even worse when customers receive a warning that the site may not be secure because you’ve let a certificate expire. Unfortunately, this type of oversight is not an isolated incident. It happens to companies almost every day. But it doesn’t have to. 

(UPDATE 1/23/17)

Over the weekend, Venafi Labs looked at the most prominent, externally facing Airbnb web properties. They were impressed by the overall strength of Airbnb’s cryptographic security posture.

This outage demonstrates that even a company with very good policies and processes may not have complete visibility into their keys and certificates. Even with the best management, websites can experience certificate-related outages.

Venafi director of product marketing Hari Nair noted, “This outage is another example of how organizations like Airbnb should have visibility into all of their digital certificate footprint, as browsers are enforcing best practices as part of certificate security controls. Venafi TrustNet continuously monitors the open web for expired certificates and weak cryptographic attributes and alerts customers on potential issues before they impact end-users”

(Original blog)

Airbnb’s digital certificate – the system that allows machines and software to communicate with authentication and encryption – expired without anyone at Airbnb knowing. Apparently, like many other organizations, Airbnb didn’t have the visibility it needed to discover and replace aging certificates before they impacted business. In this case, the lack of visibility seems to have resulted in an outage. But untracked certificates can also create a situation where certificates are stolen and misused by cyber criminals.

Venafi VP of security strategy, Kevin Bocek outlines the lasting impact of outages such as this. “Customers receive errors which shakes their confidence and results in lost business, not just service outages. Airbnb, like all cloud providers from banks to airlines, is learning a painful lesson about the importance that digital certificates play in our everyday lives.” 

What do businesses need to do to avoid the impacts of certificate-related outages? First and foremost, it is essential that they maintain complete visibility by discovering, tracking, and continuously monitoring all digital certificates. Many businesses have tried doing this with spreadsheets, vulnerability scanners, and CAs. Most have learned how easy it is to fail.

The answer is automation. With an automated solution, organizations have what it takes to discover and replace certificates in seconds across dozens of CAs, well before expiration. Bocek underscores the importance of automation in cases like this. “Airbnb is finding out that automated system to manage and protect all keys and certificates are as important as mobile applications and customer experience.”

But the underlying message is that all organizations need to remain hyper vigilant of their security posture. And securing keys and certificates plays a vital part of that overall security. “We live in a digital world that relies on physical, virtual and cloud machines to deliver critical service that govern everything from healthcare to hospitality,” concludes Bocek. “Nearly every business around the world is vulnerable to these kinds of problems and shouldn’t rest until this problem is solved.”

Do you know if any of your organization’s certificates are about to expire? 

Like this blog? We think you will love this.
Featured Blog

Why Stopping Certificate Outages Starts with an Outage Safety Net

We’ve also talked a lot in this blog about how to eliminate outages.

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Scott Carter
Scott Carter

Scott is Senior Manager for Content Marketing at Venafi. With over 20 years in cybersecurity marketing, his expertise leads him to help large organizations understand the risk to machine identities and why they should protect them

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more