João Silva writes:
NordVPN, one of the most well-known VPN provider, had confirmed a security breach in early 2018. At fault, there’s the data centre provider from Finland, where the server was hosted. The data centre provider used an insecure remote management system that NordVPN was “unaware” of. Although NordVPN seems to be playing down the occurrence, there’s an anonymous post on 8chan, shared by Cryptostorm’s Twitter account, that claims that the hacker had root access to the server. NordVPN states that the TLS key that was stolen was expired, and no VPN traffic could be decrypted.
Read more on KitGuru. Over on Fortune, Lisa Marie Segarra has more about the NordVPN incident and NordVPN’s denial that they were hacked:
“We failed by contracting an unreliable server provider and should have done better to ensure the security of our customers,” NordVPN spokesperson Daniel Markuson said in a statement. “We are taking all the necessary means to enhance our security.”
The breach came when a hacker exploited an expired key to access the server. But since the server contained no user activity logs, and none of the VPN’s applications send user-created credentials for authentication, the company said, usernames and passwords for the service could not have been intercepted either. In addition, the method used to breach the network could not be used to compromise Nord’s other servers.
Read more on Fortune.
See also Brian Krebs’ post about how the Avast and NordVPN Breaches Were Both Tied to Phantom User Accounts.