NordVPN, one of the highly recommended virtual private network (VPN) providers, has confirmed that one of its data centres in Finland was breached in March 2018, when an attacker gained access to the server by exploiting an insecure remote management system.
The issue was first highlighted by Twitter user @hexdefined on Sunday, who wrote, “NordVPN was compromised at some point. Their (expired) private keys have been leaked, meaning anyone can just set up a server with those keys”.
According to the company’s statement, the breached server didn’t contain any user activity logs, and since none of its applications “send user-created credentials for authentication, usernames and passwords couldn’t have been intercepted either”.
Update: NordVPN says that two other VPN services were affected during the same breach.
The company rented its servers in this data centre and said that it was unaware that the provider had such a remote management system in place.
“We double-checked that no other server could possibly be exploited this way and started creating a process to move all of our servers to RAM, which is to be completed next year. We have also raised the bar to all datacenters we are working with. Now, before signing up with them, we make sure that the DCs meet even higher standards,” NordVPN’s statement reads.
NordVPN says that it learnt about the breach a few months back and immediately terminated its contract with the data centre provider in Finland.
“We did not disclose the exploit immediately because we had to make sure that none of our infrastructures could be prone to similar issues. This couldn’t be done quickly due to the huge amount of servers and the complexity of our infrastructure.”
According to the company, “The expired TLS key was taken at the same time the datacenter was exploited. However, the key couldn’t possibly have been used to decrypt the VPN traffic of any other server. On the same note, the only possible way to abuse website traffic was by performing a personalised and complicated MiTM attack to intercept a single connection that tried to access nordvpn.com.”
NordVPN says that none of the other data centres was affected by the breach. They also say that they’re enhancing the security infrastructure around their product as well as preparing for a bug bounty program.
1/3 Yesterday, our marketing department got ahead of themselves and published an ad on Twitter that triggered the infosec community. The message stated the following: ‘Ain’t no hacker can steal your online life. (If you use VPN). Stay safe.’
— NordVPN (@NordVPN) October 20, 2019
Well, to be fair, I think every large IT company will get hacked eventually. I’m just happy (as a NordVPN user) that the breach was so minor it won’t cause any problems. A company after an incident like this has two ways of surviving. One is to do nothing and hope this will pass, and the second is to upgrade and improve. Thank god NordVPN has chosen the second way to upgrade their security even further, as I would have probably looked for another VPN. But for now, I will stay with them and continue watching Netflix :))