
Massive Spotify Podcast Outage, Verifone Problems Highlight ‘Ugly Reality’ of Expired Certificates

brooke.crothers
Wed, 06/01/2022 – 09:24

Spotify: No certificate, no access

Publishers and listeners for Megaphone-hosted podcasts faced service disruptions after the outage. Listeners, for example, lost access to their favorite podcasts.

Though the certificate outage was resolved by Tuesday morning, it was a massive disruption for Spotify, which hosts a popular podcast service.

An SSL certificate authenticates a website’s identity and enables an encrypted connection, a necessary security measure. An SSL-secured website always has “HTTPS” in the URL, replacing the older, less secure HTTP.

“When these critical security assets expire unexpectedly, they leave consumers without access to data, services and applications,” according to Kevin Bocek, VP Security Strategy & Threat Intelligence at Venafi.

Spotify confirmed the platform outage “due to an issue related to our SSL certificate.”

Spotify acquired Megaphone, a podcast advertising and publishing platform, in 2020.  Megaphone, which handles ad insertion, also hosts popular podcasts.

“During the outage, clients were unable to access the Megaphone CMS and podcast listeners were unable to download podcast episodes from Megaphone-hosted publishers. Megaphone service has since been restored,” a Spotify spokesperson told the media on Tuesday.

Verifone also grapples with certificate problems

Verifone, which provides technology for electronic payment transactions and point-of-sale (POS) systems, was plagued by disruptions in Germany. Twitter threads point to an issue with certificates.

A payment terminal, the Verifone H5000, which is an old platform, “brought down big parts of card payment all over Germany as one of the embedded certificates expired unnoticed on Tuesday,” said Jan Wildeboer, who describes himself as Red Hat’s EMEA Evangelist, in a tweet.

The outage was felt at payment systems across Germany, according to reports, citing Wildeboer.

“Turns out this terminal is still being installed as new by many local payment service companies. It is cheap [since it is end-of-life]…But seemingly no one noticed the expiration date of a certificate that is needed to get authorisation from the German payment system,” Wildeboer said.

Venafi: certificate outage is an ‘ugly reality’

The double whammy of Spotify and Verifone, two major brands, points to the importance of tackling machine identity management.

A lack of robust machine identity management can impact everything from gas pumps to banking services to airline reservations and streaming services.

“The ugly reality is that certificate outages can happen to anyone; we’ve seen high profile examples like LinkedIn and O2 suffering the exact same problem with certificates in the past,” Bocek said.

(See: LinkedIn Certificate Crash: Is Your Organization Outage Free?)

“Certificates enable secure communication between machines, applications and services but they’re often poorly managed. And the challenge of managing machine identities is becoming harder as more companies move to the cloud where every container and application needs a unique identity,” Bocek said.

Recent data shows that machine identities, like the certificate that expired on Megaphone, are growing at over 40% per year, Bocek said.  And most companies will have over half a million identities to manage by 2024.

“We should expect to see a lot more of these kinds of outages until companies invest in the automation necessary to effectively automate the entire lifecycle of every machine identity,” Bocek said.


Users of Spotify’s Megaphone service could not download podcasts on Monday due to an all-too-familiar error: an expired certificate. Verifone also appears to have experienced problems with certificates causing card payment problems. 

*** This is a Security Bloggers Network syndicated blog from Rss blog authored by brooke.crothers. Read the original post at: https://www.venafi.com/blog/massive-spotify-podcast-outage-highlights-ugly-reality-expired-ssl-certificates