Skip to main content
banner image
venafi logo

Airbnb Customers Lose Sleep over Certificate-related Outage

Airbnb Customers Lose Sleep over Certificate-related Outage

January 20, 2017 | Scott Carter

Earlier today, an Airbnb customer tweeted that an expired certificate was blocking access to the company’s website. It’s bad enough for an organization to lose business due to a completely avoidable cause. But it’s even worse when customers receive a warning that the site may not be secure because you’ve let a certificate expire. Unfortunately, this type of oversight is not an isolated incident. It happens to companies almost every day. But it doesn’t have to. 

(UPDATE 1/23/17)

Over the weekend, Venafi Labs looked at the most prominent, externally facing Airbnb web properties. They were impressed by the overall strength of Airbnb’s cryptographic security posture.

This outage demonstrates that even a company with very good policies and processes may not have complete visibility into their keys and certificates. Even with the best management, websites can experience certificate-related outages.

Venafi director of product marketing Hari Nair noted, “This outage is another example of how organizations like Airbnb should have visibility into all of their digital certificate footprint, as browsers are enforcing best practices as part of certificate security controls. Venafi TrustNet continuously monitors the open web for expired certificates and weak cryptographic attributes and alerts customers on potential issues before they impact end-users”

(Original blog)

Airbnb’s digital certificate – the system that allows machines and software to communicate with authentication and encryption – expired without anyone at Airbnb knowing. Apparently, like many other organizations, Airbnb didn’t have the visibility it needed to discover and replace aging certificates before they impacted business. In this case, the lack of visibility seems to have resulted in an outage. But untracked certificates can also create a situation where certificates are stolen and misused by cyber criminals.

Venafi VP of security strategy, Kevin Bocek outlines the lasting impact of outages such as this. “Customers receive errors which shakes their confidence and results in lost business, not just service outages. Airbnb, like all cloud providers from banks to airlines, is learning a painful lesson about the importance that digital certificates play in our everyday lives.” 

What do businesses need to do to avoid the impacts of certificate-related outages? First and foremost, it is essential that they maintain complete visibility by discovering, tracking, and continuously monitoring all digital certificates. Many businesses have tried doing this with spreadsheets, vulnerability scanners, and CAs. Most have learned how easy it is to fail.

The answer is automation. With an automated solution, organizations have what it takes to discover and replace certificates in seconds across dozens of CAs, well before expiration. Bocek underscores the importance of automation in cases like this. “Airbnb is finding out that automated system to protect all keys and certificates are as important as mobile applications and customer experience.”

But the underlying message is that all organizations need to remain hyper vigilant of their security posture. And securing keys and certificates plays a vital part of that overall security. “We live in a digital world that relies on physical, virtual and cloud machines to deliver critical service that govern everything from healthcare to hospitality,” concludes Bocek. “Nearly every business around the world is vulnerable to these kinds of problems and shouldn’t rest until this problem is solved.”

Do you know if any of your organization’s certificates are about to expire? 

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years

Prepare this presentation and send it to me, once approved you can teach entire team.

Overheard at Machine Identity Protection Global Summit 2019

machine identity protection

Leaders Underscore the Critical Nature of Machine Identity Protection at Inaugural Global Summit

About the author

Scott Carter
Scott Carter

Scott Carter writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat