NordVPN, one of the leading VPN providers in the world, recently revealed that one of their servers suffered a breach. This was not a targeted attack, as two other VPN providers – TorGuard and VikingVPN – were also affected.
The breach happened in March 2018, when a hacker managed to gain access to one of NordVPN’s Finnish servers. The company states that this was an isolated incident that affected only one of the 3000 servers they had at the time.
A compromised data center’s account to blame
The still unknown attacker managed to gain unauthorized access to one of the servers via an insecure remote management system account. The VPN provider stated that the data center added the account without notifying the company.
Information Use !!
Concerned about online trackers and introducers tracing your internet activity? Or do you face geo-restrictions while streaming? Get NordVPN - the ultra-fast VPN trusted by millions, which is available at 69% off + 3 Months Extra. With the Double VPN, Split tunneling, and Custom DNS, you can experience internet freedom anytime, anywhere.
The account was later deleted, but the data center owner failed to inform NordVPN about the incident. The company found out about the breach on April 13, 2019, and immediately shredded the server and terminated the contract with the data center.
According to NordVPN’s blog post about the incident, the company decided not to inform the public right away. Their goal was to make sure that all their infrastructure was safe from attacks like this one. “We had to ensure that no other server could possibly be exploited this way. Unfortunately, thoroughly reviewing the providers and configurations for over 5,000 servers around the world takes time.”
Users’ data reportedly safe
Since the VPN provider does not keep any logs of their users’ activity, the attacker could not access any particularly sensitive information about NordVPN’s users. The hacker only got a TLS key that expired after two months. It could have only been used to perform a very complicated and specifically targeted MITM attack, but so far, there are no reports about something like this taking place.
According to their media statement, “There are no signs showing that any of our customers were affected or that their data was accessed by the malicious actor. While being connected to the server, the hacker could only see what an ordinary ISP would see, but it could not have been personalized or linked to a particular user.”
What are the implications? Of course, this is a blow to the company’s reputation. However, NordVPN plans to tighten its security even further. The company underwent an application security audit and have a second no-logs audit planned soon. NordVPN’s press release also stated that they will now encrypt the hard disk of every new server they build.
Time will show how the users will react to the news. But it’s safe to say that it will depend mainly on how NordVPN will handle the implementation of the promised security measures.
Thanks for reading techfollows.com.
Disclosure: If we like a product or service, we might refer them to our readers via an affiliate link, which means we may receive a referral commission from the sale if you buy the product that we recommended, read more about that in our affiliate disclosure.