NordVPN reveals it was affected by a data breach in 2018

by Savia Lobo on October 22, 2019

NordVPN, a popular Virtual Private Network revealed that it was subject to a data breach in 2018. The breach came to light a few months ago when an expired internal security key was exposed, allowing anyone outside the company unauthorized access. NordVPN did not inform users then as they wanted to be “100 percent sure that each component within our infrastructure is secure.”

Details of the breach were traced back to March 2018 when one of NordVPN’s data centers in Finland, from whom they rent their servers from showed signs of unauthorized access. The attacker gained access to the server by exploiting an unsecured remote management system by the provider.

In a press release statement, NordVPN explained “only 1 of more than 3000 servers we had at the time was affected.” and that the company immediately terminated its contract with the data center provider after it learned of the hack.

Even though the company had intrusion detection systems installed to find data breaches, it could not predict a remote data management system left by the data center provider. On the other hand, NordVPN said it was unaware that such a system existed.

The company also said, “We are taking all the necessary means to enhance our security. We have undergone an application security audit, are working on a second no-logs audit right now, and are preparing a bug bounty program.” They further added, “We will give our all to maximize the security of every aspect of our service, and next year we will launch an independent external audit … of our infrastructure to make sure we did not miss anything else.”

Sponsorships Available

NordVPN said that the attacker did not gain access to activity logs, user-credentials, or any other sensitive information. NordVPN maintains what it says is a strict “zero logs” policy. “We don’t track, collect, or share your private data,” the company says on its website.

In a statement to TechCrunch, NordVPN spokesperson Laura Tyrell said, “The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either.” She further added, “On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN.”

Based on a few records posted online, other VPN providers such as TorGuard and VikingVPN may have also been compromised. A spokesperson for TorGuard told TechCrunch that a “single server” was compromised in 2017 but denied that any VPN traffic was accessed.

Users are furious that NordVPN did not inform them on time.

@NordVPN @figalmighty
My concern is the delay in informing us. People get hacked fact of life. If you don’t inform us, how do you think that makes us feel when we have to trust our vpn vendor?
So my question, what are you going to do to regain our trust?
— fig 🖤🦅 (@figalmighty) October 22, 2019

The worst thing about the NordVPN hack is that if it had been communicated openly and honestly in the first place it would avoided all these terrible “run your own vpn” hot takes
Poor PR and marketing spin combined with shady breach reporting is not a good look! https://t.co/NO7Mm81ptP
— Steve Cooper (@bleepsec) October 22, 2019