Yes it's true, the past couple of years have seen a number of hacks targeting certificate authories. Comodo, Startssl, globalsign, and diginotar all have had varying degrees of hacking attempts (and successes) directed at them, with diginotar paying the ultimate price and going out of business.
here is an interesting high level article about the events that unfolded