The mistake means that hackers could decrypt the key and use the certificate, a means of digital authentication, to monitor victims’ traffic and launch main-in-the-middle attacks.