Update: I had originally linked to a report on Reuters. @Ju916 tweeted to me:
First of all those were no threat actors but security researches demonstrating problems of the system in good faith. Second: those digital certificates are just comodity items. The original document (a yellow vaccination passport) can replace them in any situation.
Because I’m no longer sure I have confirmation of claims, I’m deleting the post but leaving this here for transparency purposes.
The tweet is correct. However, the German pharmacies have indeed stopped issuing certificates temporarily after the “Handelsblatt” made the efforts of the researchers public. They are to resume issuing certificates next week. (Source: https://www.handelsblatt.com/politik/deutschland/corona-pandemie-nach-stopp-wegen-sicherheitsmaengeln-apotheken-sollen-ab-kommender-woche-wieder-impfzertifikate-ausstellen/27447994.html)
Thank you.