Turns out the phony Google.com digital certificate that sounded alarms among browser vendors and security experts Thursday came out of a series of missteps by the Turkish certificate authority (CA) and may have only affected users at a Turkish government agency.

A convoluted series of unfortunate events within CA Turktrust led to the existence of a legit-appearing Google domain and the potential for some serious fraud via man-in-the-middle attacks, prompting Google, Firefox and Microsoft all to block the "*.google.com" domain.

The anomalous domain was not the result of a data breach, according to Turktrust, which mistakenly issued two certificates that ultimately led to the phony Google one. Turktrust traced the incident back to a 2011 audit that required a software migration and moving certificate profiles between a production system and a test system.