NordVPN, the company who’s slogan is “protect your privacy online,” has confirmed the rumors of a security breach leading to an attack.
VPN providers such as NordVPN are popular because they provide privacy from your internet provider by keeping visited sites and internet browsing traffic private.
Basically these providers channel all of your internet traffic through an encrypted network, making it difficult for anyone else on the internet to see what sites you are visiting or what apps you are using.
NordVPN claims to have a “zero logs” policy stating on their site that “We don’t track, collect, or share your private data.”
Even though many VPN providers claim to have zero logs policies, they are still moving your browsing history from your internet provider to their own systems, leaving these claims for zero logs under much scrutiny.
The security breach is causing alarm because the hackers may have been able to access user data.
NordVPN admitted that one of their data centers was accessed without authorization back in March of 2018.
The specific server that was accessed by the hacker was active for about a month and the hacker gained access to the server by discovering and exploiting an insecure remote management system that was left by the data center provider.
In a statement by NordVPN’s spokesperson, “The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either. On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN.”
NordVPN confirmed that it installed intrusion detection systems but no one knew about an undisclosed remote management system let by the data center provider.
NordVPN claims to only have found out about the breach a few months ago and did not disclose it publicly until recently because they wanted to be 100% sure that the infrastructure was once again secure.
NordVPN further claims that this is an isolated incident and no other server on their network was affected.
The VPN provider is getting a lot of backlash because, according to one researcher, “apparently they spent millions of dollars on ads, but nothing on effective defensive security.”
Yet another researcher called the attack “troubling” and went on to say “while this is unconfirmed and we await further forensic evidence, this is an indication of a full remote compromise of this provider’s systems,” the security researcher said. “That should be deeply concerning to anyone who uses or promotes these particular services.”
But NordVPN shouldn’t get all of the backlash, it is believed that several other VPN providers such as TorGuard and VikingVPN may have been breached around the same time.