Google said the problem — connected to smtp.gmail.com displaying an invalid certificate — affected “a majority of users.” Although users were able to access their e-mail, they encountered issues that included “error messages and/or other unexpected behavior.”
Because the problem was connected to an expired certificate issued by Google itself, the search giant was able to resolve the matter within hours. Google runs its own in-house security certificate authority, Google Internet Authority G2.
More Than 500 Million Users
Google’s Apps Status Dashboard first featured a service disruption icon at 1:21 p.m. EDT Saturday, noting that it was “investigating reports of an issue with Gmail.” A second notice posted at 2 p.m. EDT stated Google would provide an update within the hour as to when it expected to solve the problem.
By 3:46 p.m. EDT, the issue was fixed, and Google posted an update apologizing to users for the inconvenience. “Please rest assured that system reliability is a top priority at Google, and we are making continuous improvements to make our systems better,” the notice added.
Current estimates put Gmail’s user base at well over 500 million active users around the world. Those estimates are based on figures released at Google’s I/O developer conference in 2012, when Gmail was reported to have 425 million users.
Google ‘Still Human’
As the Gmail service disruption happened during the weekend, the problem likely did not create as much havoc for business users as it might have during the work week. While many of the largest corporations in the U.S. still maintain their own e-mail services, a majority of mid-size companies rely on Google for e-mail, according to an August 2014 report from Quartz.
The Quartz investigation found that some 60 percent of small and mid-size companies in the technology and media industries hosted their e-mail services with Google. Startup tech firms were even more likely to use Gmail, with 92 percent of Y Combinator-incubated companies relying on the Google service.
At least one Gmail user found a silver lining in the weekend service disruption. Posting on Venture Beat via Facebook, Timothy Johns wrote on Sunday, “This is oddly reassuring. These things won’t happen when the robots are in charge — looks like Google is still human after all.”
Security certificates are used to verify identities of servers and Web sites, as well as for e-mail encryption. Most online users notice them only when they stop working, as with Gmail over the weekend, or when security concerns cause service providers to stop supporting certain certificates.
Late last month, for example, Google was alerted to the use of unauthorized digital certificates for several of its domains. That issue has since prompted both Google and Mozilla to warn that their browsers will stop trusting certificates issued by the China Internet Network Information Center (CNNIC), which is in charge of China’s domain name registry and IP address system. Ars Technica reported that move “could leave huge numbers of users suddenly unable to connect to banks and e-commerce sites” secured by CNNIC certificates.
CNNIC released a statement Thursday calling Google’s decision “unacceptable and unintelligible.” It has also said it did not issue any certificates that have enabled so-called “man-in-the-middle” security breaches.