NordVPN was Hacked. Here’s What We Know

1 minute read
| News

NordVPN admits it was hacked, saying that in March 2018 one of its data centers was accessed by a third party (via TechCrunch).

NordVPN

The company had exposed some expired private keys which means that anyone could set up a server with those keys and pretend to be NordVPN. But it’s not just NordVPN; other companies like TorGuard and VikingVPN were also compromised. Some OpenVPN keys were leaked as well.

The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either. On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN.

Aside from the above VPN providers we currently don’t know if others were affected as well.

Update

NordVPN disagrees with the word “hacked” and sent me a statement:

I would like to stress out that our service has not been hacked. None of the information available on the one server can be used to impersonate or decrypt the traffic of any other. This was an isolated case of one datacenter in Finland. It did not impact thousands of other servers in any way, it is virtually impossible to do that.

They also have an official blog post about the situation.

Further Reading:

[Google to Fix HEIC Photo Backup ‘Bug’]

[There Are So Many VPN Apps. Which One Should You Choose?]

1
Leave a Reply

Please Login to comment
1 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
1 Comment authors
Huuve7 Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
Huuve7
Member
Huuve7

Thanks for the read, yet I agree this is not a hack on Nordvpn. This is a stupid mistake made by the data center. Honestly, because nordvpn is moving to RAM, I will feel even more safe after this issue than before haha