The figure came from a report into the breach at DigiNotar which let attackers generate hundreds of fake certificates.
The report suggests the certificates were used in Iran to eavesdrop on email accounts.
The list has been passed to Google so it can tell victims they may have come under government scrutiny.
On 30 August, security firm Fox-IT was called in to analyse the sequence of events at DigiNotar that led to the security breach. Read more