NordVPN, one of the leading VPN providers in the world, recently revealed that one of their servers suffered a breach. This was not a targeted attack, as two other VPN providers – TorGuard and VikingVPN – were also affected.
The breach happened in March 2018, when a hacker managed to gain access to one of NordVPN’s Finnish servers. The company states that this was an isolated incident that affected only one of the 3000 servers they had at the time.
A compromised data center’s account to blame
The still unknown attacker managed to gain unauthorized access to one of the servers via an insecure remote management system account. The VPN provider stated that the data center added the account without notifying the company.
The account was later deleted, but the data center owner failed to inform NordVPN about the incident. The company found out about the breach on April 13, 2019, and immediately shredded the server and terminated the contract with the data center.
According to NordVPN’s blog post about the incident, the company decided not to inform the public right away. Their goal was to make sure that all their infrastructure was safe from attacks like this one. “We had to ensure that no other server could possibly be exploited this way. Unfortunately, thoroughly reviewing the providers and configurations for over 5,000 servers around the world takes time.”
Users’ data reportedly safe
Since the VPN provider does not keep any logs of their users’ activity, the attacker could not access any particularly sensitive information about NordVPN’s users. The hacker only got a TLS key that expired after two months. It could have only been used to perform a very complicated and specifically targeted MITM attack, but so far, there are no reports about something like this taking place.
According to their media statement, “There are no signs showing that any of our customers were affected or that their data was accessed by the malicious actor. While being connected to the server, the hacker could only see what an ordinary ISP would see, but it could not have been personalized or linked to a particular user.”
What are the implications? Of course, this is a blow to the company’s reputation. However, NordVPN plans to tighten its security even further. The company underwent an application security audit and have a second no-logs audit planned soon. NordVPN’s press release also stated that they will now encrypt the hard disk of every new server they build.
Time will show how the users will react to the news. But it’s safe to say that it will depend mainly on how NordVPN will handle the implementation of the promised security measures.
Thanks for reading techfollows.com.
Disclosure: If we like a product or service, we might refer them to our readers via an affiliate link, which means we may receive a referral commission from the sale if you buy the product that we recommended, read more about that in our affiliate disclosure.
- How to Install and Watch HBO Max on Google TV
- How to Cancel YouTube TV Subscription 
- 5 Apps for Car interacting to enjoy the Driving experience
- How to Log out of Netflix on Roku [All Models]
- Understanding the Benefits of Cutting the Cord
- How to Cancel Peacock TV Subscription 
- Things You Need to Know About Innovative Modern Computer Games
- Ways to Enhance Your Mobile Gaming Experience
- Simple Digital Marketing Tips From the Experts
- Top YouTube Hacks and Tricks You Should Know About
How to2 years ago
How to Install IPTV on LG Smart TV 
Apps1 month ago
How to Install Spectrum TV App on Firestick/Fire TV 
IPTV4 months ago
Best IPTV Player for Windows PC/Laptop [January 2021]
FireStick1 year ago
How to Install Xfinity Stream on Firestick 
Android9 months ago
Best IPTV Players for Android [January 2021]
How to10 months ago
How to Install and Setup IPTV for Roku 
Android9 months ago
How to Cast to Firestick using Android and Windows
How to10 months ago
How to Jailbreak Roku in 5 Minutes