5 Companies That Got Crushed by Certificate Outages (And What We Can Learn)

by Mike | Jan 21, 2026

A single expired certificate took down Microsoft Teams for three hours. Another let hackers steal data from 148 million people for 76 days without detection. And one knocked out mobile service for 32 million customers across 11 countries.

These aren’t hypothetical scenarios or scare tactics. They’re real incidents that cost real companies hundreds of millions of dollars. The organizations affected weren’t small businesses running on shoestring IT budgets. We’re talking about Microsoft, Equifax, Ericsson, Epic Games, and Spotify—companies with massive technology teams and supposedly robust infrastructure.

So what went wrong? And more importantly, what can your organization learn before you end up as the next cautionary tale?

The Numbers Paint a Grim Picture

Before we dig into specific incidents, let’s talk about just how common certificate outages really are.

According to Keyfactor’s 2024 PKI and Digital Trust Report, organizations experience an average of three certificate-caused outages every 24 months. Each incident takes about 2.6 hours to diagnose and another 2.7 hours to fix. That might not sound catastrophic until you factor in the cost: the average certificate outage runs approximately $2.86 million.

And that’s the average. The big incidents? Those hit $11 to $15 million easily.

The scariest part: 81% of companies experienced a certificate-related outage in the past year alone. With certificate lifespans shrinking to 200 days starting March 2026 and 47 days by 2029, this problem is about to get exponentially worse.

Now let’s look at five companies that learned these lessons the hard way.

1. Microsoft Teams: Three Hours of Global Silence

What happened: On February 3, 2020, Microsoft Teams went completely dark. Users around the world were greeted with error messages when trying to sign in, and the service remained down for nearly three hours.

The cause: An authentication certificate had expired. That’s it. One certificate, one oversight, and 20+ million daily active users couldn’t access their primary communication tool.

The timeline: Microsoft’s monitoring systems flagged the issue at 1:44 PM UTC. Engineers diagnosed the expired certificate by 1:56 PM—just 12 minutes later. But here’s where it gets painful: even after identifying the problem, it took until 5:00 PM UTC to fully deploy the fix.

The root cause wasn’t a sophisticated attack or complex infrastructure failure. Microsoft simply forgot to renew a certificate.

The fallout: Beyond the immediate productivity loss for millions of users, Microsoft had to publicly acknowledge that the outage stemmed from forgetting to renew a certificate. For a company that sells enterprise software and cloud services, that’s not a great look.

The lesson: Even companies with thousands of IT professionals and sophisticated monitoring systems can miss certificate renewals. Microsoft’s post-incident response included implementing automated certificate rotation where possible and scheduling manual renewals where automation wasn’t feasible. If Microsoft needed to improve their certificate management processes, chances are your organization does too.

2. Ericsson: One Certificate, 11 Countries, 32 Million Customers

What happened: On December 6, 2018, a digital certificate expired on Ericsson’s SGSN-MME software—the system that handles 4G connectivity for mobile carriers worldwide.

The impact: Absolute chaos. Over 32 million people in the United Kingdom lost access to their 4G network and SMS services. O2, one of the UK’s largest mobile carriers, went completely down. Tesco Mobile, Sky Mobile, Giffgaff, and Lycamobile—all affected. In Japan, SoftBank customers experienced the same outages.

The ripple effects went beyond dropped calls and failed texts. Transport for London relies on O2’s network for real-time bus arrival updates. Those went dark. In Angus, Scotland, every parking meter in the council’s off-street car parks stopped working.

The root cause: Ericsson had failed to monitor a certificate that was critical to their core infrastructure. CEO Börje Ekholm later admitted that “the faulty software that has caused these issues is being decommissioned” and acknowledged that the outage happened because Ericsson lacked “a robust certificate monitoring system.”

The lesson: Certificate outages don’t respect boundaries. A single expired certificate in one vendor’s system can cascade across multiple companies, multiple countries, and millions of end users. If you rely on third-party infrastructure, you need visibility into their certificate management practices—or at minimum, contingency plans for when their certificates fail.

3. Equifax: How an Expired Certificate Enabled the Worst Data Breach in History

What happened: Between May and July 2017, attackers exploited a vulnerability in Equifax’s systems and stole personal data from 147.9 million Americans, 15.2 million British citizens, and about 19,000 Canadian citizens. Social Security numbers, birth dates, addresses, driver’s license numbers—everything an identity thief could want.

The certificate connection: Here’s what makes this incident particularly painful. Equifax had a device specifically designed to inspect network traffic and detect malicious activity. It should have caught the data exfiltration almost immediately.

But it didn’t. Because the SSL certificate that enabled that device to decrypt and inspect outgoing traffic had expired 10 months earlier.

For 76 days, attackers moved through Equifax’s network and extracted data while the one system that should have detected them sat completely blind. When Equifax finally updated the certificate on July 29, 2017, the security device immediately flagged suspicious activity—but by then, the damage was done.

Making matters worse, an internal investigation revealed that Equifax had 324 expired SSL certificates at the time of the breach, including 79 on critical domain monitoring devices.

The cost: Equifax agreed to a settlement including $300 million for victim compensation, $175 million to states and territories, and $100 million in CFPB fines. The company reported spending $1.4 billion on cleanup costs over the following two years.

The lesson: Certificate management isn’t just about preventing outages—it’s about security. Expired certificates can blind your security tools and create gaps that attackers exploit. In Equifax’s case, proper certificate monitoring would have caught the breach within hours instead of months.

4. Epic Games: When Fortnite Went Dark

What happened: On April 6, 2021, at 12:00 PM UTC, Epic Games experienced a widespread outage affecting Fortnite, Rocket League, Houseparty, Epic Online Services, and the Epic Games Store. Users couldn’t log in, make purchases, or access their games.

The cause: An internal wildcard TLS certificate expired. This single certificate was used across “hundreds of backend services,” meaning its expiration triggered simultaneous failures across the entire Epic ecosystem.

The cascade: The initial certificate expiration was bad enough. But then things got worse. At 12:46 PM UTC, after Epic issued a new certificate, a surge of reconnection attempts overwhelmed their systems. Unexpected retry logic in client applications—logic that had never been triggered before because the services had never failed this way—hammered the servers with requests.

Connection tracking limits were hit. Packets got dropped. The Epic Games Launcher fleet scaled up by 250%, but the cascading failure had already taken hold. Full recovery took nearly five and a half hours.

The transparency: To their credit, Epic Games published a detailed public incident report explaining exactly what happened and what they learned. They admitted that despite their best efforts to monitor certificates, they “didn’t fully cover every area where certificates were being used.”

The lesson: Certificate visibility isn’t just about knowing when certificates expire. You need to understand where certificates are deployed and how systems will behave when those certificates fail. Epic discovered that a single certificate touched far more services than they realized—and that their client retry logic created a secondary crisis.

5. Spotify: The Day the Music Stopped

What happened: On August 19, 2020, at approximately 8:00 AM EST, Spotify users worldwide reported that they couldn’t connect to the service. The streaming platform was completely inaccessible.

The cause: A wildcard certificate for *.wg.spotify.com had expired without being renewed.

The response: Network engineer Louis Poinsignon from Cloudflare publicly noted the expired certificate, and within about an hour, Spotify had renewed the certificate and restored service.

Compared to the other incidents on this list, Spotify’s outage was relatively brief. But for a company whose entire business model depends on 24/7 streaming availability, even an hour of downtime damages user trust and drives customers toward competitors.

The lesson: Even “quick” certificate outages carry costs. Users who hit errors during that hour may have cancelled subscriptions, switched to Apple Music or YouTube Music, or simply lost confidence in the platform. The financial impact of even a brief outage can extend far beyond the downtime itself.

The Common Thread: Nobody Meant for This to Happen

None of these companies intended to let certificates expire. Microsoft, Equifax, Ericsson, Epic Games, and Spotify all have sophisticated IT operations. They all have security teams. They all presumably have processes for tracking important systems.

Yet certificates still expired. Why?

Scale creates blind spots. When you’re managing hundreds or thousands of certificates across cloud services, on-premise servers, internal applications, and third-party integrations, it’s easy to lose track. Equifax had 324 expired certificates. Epic Games discovered their “single” wildcard certificate was actually deployed across hundreds of services.

Manual tracking breaks down. Spreadsheets, calendar reminders, and ticketing systems all depend on someone remembering to update them. When the person who set up the certificate leaves the company, or when a certificate gets deployed during a late-night emergency fix, the tracking gaps appear.

Certificates hide in unexpected places. Internal services, development environments, monitoring tools, third-party integrations—certificates end up everywhere. The Equifax device that should have detected the breach was a security tool. Nobody thought to check whether its certificate was current.

What Your Organization Can Do Differently

The good news: these disasters are preventable. Here’s what the companies above learned (often the hard way) and what you can implement today.

Automate Certificate Discovery

You can’t manage what you can’t see. Modern certificate management starts with automated discovery that scans your Certificate Authorities, servers, and URLs to find every certificate in your environment. This includes the forgotten ones, the ones deployed by contractors, and the ones hiding in development environments.

Centralize Visibility

Once you’ve discovered your certificates, you need a single dashboard showing expiration dates, associated servers, and renewal status. Scattered tracking across multiple spreadsheets and ticketing systems is how certificates fall through the cracks.

Set Up Proactive Alerts

Waiting until a certificate expires is too late. Configure alerts at multiple intervals—90 days, 60 days, 30 days, 14 days, 7 days—so your team has plenty of runway to renew before problems occur.

Document Certificate Dependencies

When a certificate expires, you need to know immediately which systems will be affected. This means mapping certificates to servers and maintaining documentation about renewal procedures for specific certificates.
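The alert intervals and the certificate-to-server mapping from the two sections above can be combined into one report. This is an added example, not CertMS code and not from any of the companies discussed. The inventory records, host names, fingerprints, field names and the "today" value are constructed for illustration.

```python
import ssl
from collections import defaultdict
from datetime import datetime, timezone

THRESHOLDS = (90, 60, 30, 14, 7)  # alert intervals from the article, in days

# Constructed inventory: one record per place a certificate is deployed.
# "not_after" uses the notAfter string format returned by ssl.getpeercert().
INVENTORY = [
    {"host": "login.example.internal", "fp": "AA:01", "not_after": "Mar 10 12:00:00 2026 GMT"},
    {"host": "store.example.internal", "fp": "AA:01", "not_after": "Mar 10 12:00:00 2026 GMT"},
    {"host": "launcher.example.internal", "fp": "AA:01", "not_after": "Mar 10 12:00:00 2026 GMT"},
    {"host": "ids.example.internal", "fp": "BB:02", "not_after": "Feb 20 12:00:00 2026 GMT"},
    {"host": "www.example.com", "fp": "CC:03", "not_after": "Sep 01 12:00:00 2026 GMT"},
]
SAMPLE_NOW = datetime(2026, 3, 1, 12, 0, tzinfo=timezone.utc)  # constructed "today"

def days_left(not_after, now):
    """Whole days until expiry; negative once the certificate has expired."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days

def alert_tier(days):
    """Return "EXPIRED", the tightest threshold already crossed, or None."""
    if days < 0:
        return "EXPIRED"
    crossed = [t for t in THRESHOLDS if days <= t]
    return min(crossed) if crossed else None

def build_report(inventory, now):
    """Group deployments by fingerprint so each alert lists every affected host."""
    hosts_by_cert, expiry = defaultdict(list), {}
    for rec in inventory:
        hosts_by_cert[rec["fp"]].append(rec["host"])
        expiry[rec["fp"]] = rec["not_after"]
    report = []
    for fp, hosts in hosts_by_cert.items():
        d = days_left(expiry[fp], now)
        report.append({"fp": fp, "days_left": d, "tier": alert_tier(d), "hosts": sorted(hosts)})
    return sorted(report, key=lambda r: r["days_left"])  # most urgent first

if __name__ == "__main__":
    for row in build_report(INVENTORY, SAMPLE_NOW):
        if row["tier"] is not None:
            print(row["tier"], row["fp"], row["days_left"], "days:", ", ".join(row["hosts"]))
```

Grouping by fingerprint rather than by host is what surfaces a shared wildcard certificate as a single alert with its full list of affected services.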

Integrate with Existing Workflows

Certificate renewals shouldn’t require a separate process. Integration with your help desk system means renewals generate tickets automatically. Webhook integration enables custom automation workflows. The less manual intervention required, the less likely something gets missed.

The Stakes Are Only Getting Higher

With maximum certificate lifespans dropping to 200 days in March 2026 and eventually to just 47 days by 2029, certificate management is about to get significantly more complex. Organizations that struggle to track annual renewals will find the workload multiplying when certificates need attention every few weeks.

The companies in this article learned their lessons through public embarrassment, millions in losses, and in Equifax’s case, one of the worst data breaches in history. Your organization doesn’t have to follow the same path.

Start by understanding what certificates you have, where they live, and when they expire. The rest becomes manageable from there.


Ready to get visibility into your certificate landscape? CertMS discovers and tracks certificates across your Windows Certificate Authorities, Windows servers, Linux servers, and URLs—giving you the centralized monitoring and proactive alerting that companies like Microsoft and Equifax wish they’d had.

Schedule a demo to see how CertMS can help your organization avoid becoming the next certificate outage cautionary tale.

