NordVPN confirms 2018 security breach involving datacenter partner

NordVPN says one of its servers was breached in March 2018, exposing some of the browsing habits of customers who were using the VPN service to keep their data private. NordVPN says the server, located in Finland, did not contain activity logs, usernames, or passwords. But the attacker would have been able to see what websites users were visiting during that time, a company advisor said, although the content of the websites likely would have been hidden due to encryption.

At some point, an attacker gained access to the server via an insecure remote management system left behind by the datacenter. “We were unaware that such a system existed,” said NordVPN blog editor Daniel Markuson.

Markuson said the VPN provider learned of the vulnerability “a few months back” and promptly terminated all contracts with the company. They also launched an internal audit to check their entire infrastructure, conducted an application security audit and started a process to move all of their servers to RAM.

Markuson said the expired TLS key taken when the server was exploited couldn’t have been used to decrypt the VPN traffic of any other server. “On the same note, the only possible way to abuse website traffic was by performing a personalized and complicated MiTM (man-in-the-middle) attack to intercept a single connection that tried to access nordvpn.com.”

Furthermore, NordVPN said that no user credentials were taken and that the server did not contain any user activity logs.

The company doesn’t believe any information was taken, but NordVPN will be informing its customers of the breach by email. “I would not call this a hack,” Okman said. “This is an isolated security breach; hack is too powerful a word in this case.”
