New Server Data Breach Reported at NordVPN

November 5, 2019

Written by wukovits

NordVPN provides a popular Virtual Private Network (VPN) service used by clients around the world.

Unfortunately, they recently disclosed that a server in one of their data centers was breached back in March of 2018.

According to the details released, the server was located in a data center in Finland.

It was compromised due to an insecure remote management system that was left in place by the data center provider. Worse, this was a system that NordVPN never even knew existed. The company said that they learned of the breach some months ago but withheld disclosing the details until they could be sure that their systems were secure.  In the meantime, though, they quietly terminated their contract with the provider in question and shredded the servers that company had been renting from them.

As the official statement released by the company explained:

“The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either.”

Researchers also discovered that NordVPN had an expired private key left inadvertently exposed.  This would have allowed anyone who gained access to it to set up a server that imitated NordVPN.

The company addressed this point as well, saying:

“…the key couldn’t possibly have been used to decrypt the VPN traffic of any other server.  On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN.”

Assurances aside, the fact that it happened at all is troublesome.  In any case, according to the official statements released by the company and informed by their ongoing investigation, it doesn’t appear that any sensitive user data was exposed. So if you’re a NordVPN user, you can breathe a sigh of relief about that.  Stay tuned for additional updates from the company.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...

Major Cyber Attack at OMV

Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses, and organizations to be affected by an unprecedented Data Breach.There is no indication at this time that cyber attackers who breached MOVEit...

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Send us a message

Your message was sent.