Attention Journalists and Researchers: Don't Confuse Comodo with Sectigo

An article in TechCrunch yesterday reported a security breach against Comodo. Unfortunately, this article attributes what is in fact Sectigo’s SSL business to Comodo when it says, "A hacker gained access to internal files and documents owned by security company and SSL certificate issuer Comodo..." The article goes on to quote a white hat hacker named Jelle Ursem, who in the quote incorrectly states that Comodo "give out SSL certificates."

These statements are incorrect. Comodo is not a public CA and has not issued SSL certificates since Sectigo spun out as a separate company in 2017. Sectigo and Comodo are entirely separate businesses with separate management, employees, systems, procedures, offices, and technology products. On November 1, 2018 the company revealed its new name, Sectigo, and since then we have been promoting this fact as widely as we are able.

We have reached out to the author of the article to that it, any other potential writings about the topic (such as social media posts), be corrected. We also are attempting to make contact with the reported white hat researcher to ensure this person understands what the two companies are and what they do.