The Condro Group Hack: Infiltrating InstantSSL.it — A Case Study
Source: Journal of Information Systems Security, Volume 18, Number 3 (2022), pages 177–184
ISSN: 1551-0123 (Print); 1551-0808 (Online)
Authors: Christopher Bell, Virginia Commonwealth University, USA
Publisher: Information Institute Publishing, Washington DC, USA
Abstract
A hacker breached the website of Condro Group, Inc., a collection of privately held companies that specialize in computer software and SSL certificate products and whose primary function is to serve as a Certificate Authority. The hacker wiped all access logs, shut down the Microsoft IIS application server that ran the InstantSSL.it website, and stole the website's entire database of more than 400 accounts used to authenticate against the website. Furthermore, two separate external backup HDDs were wiped. The entire breach took less than 15 minutes. Recognizing that it had placed too much trust in registration authorities (RAs) whose network security it did not oversee, Condro immediately implemented IP address restriction and hardware-based two-factor authentication. Two weeks later, a separate registration authority suffered a similar attack, believed to be from the same perpetrator. However, the new security measures were able to protect against this attack.
Keywords
Access logs; Business-validated certificates; Hacker; IP addresses; RAs.