NordVPN, TorGuard and VikingVPN disclose security breaches

João Silva writes:

NordVPN, one of the most well-known VPN providers, had confirmed a security breach in early 2018. At fault, there’s the data centre provider from Finland, where the server was hosted. The data centre provider used an insecure remote management system that NordVPN was “unaware” of. Although NordVPN seems to be playing down the occurrence, there’s an anonymous post on 8chan, shared by Cryptostorm’s Twitter account, that claims that the hacker had root access to the server. NordVPN states that the TLS key that was stolen was expired, and no VPN traffic could be decrypted.

The same 8chan user showed access to servers from two other VPN providers – TorGuard and VPNViking.

Read more on KitGuru.

Over on Fortune, Lisa Marie Segarra has more about the NordVPN incident and NordVPN’s denial that they were hacked:

“We failed by contracting an unreliable server provider and should have done better to ensure the security of our customers,” NordVPN spokesperson Daniel Markuson said in a statement. “We are taking all the necessary means to enhance our security.”

The breach came when a hacker exploited an expired key to access the server. But since the server contained no user activity logs, and none of the VPN’s applications send user-created credentials for authentication, the company said, usernames and passwords for the service could not have been intercepted either. In addition, the method used to breach the network could not be used to compromise Nord’s other servers.

Read more on Fortune.

See also Brian Krebs’ post about how the Avast and NordVPN Breaches Were Both Tied to Phantom User Accounts.


About the author: Dissent

2 comments to “NordVPN, TorGuard and VikingVPN disclose security breaches”

  1. Hapent8 - October 30, 2019

    Two more providers were breached as well, yet only NordVPN is taking the blame. While in the meantime the data center is vaguely talked about. Somehow this shifted from a minor breach to a massive hack. Well tbf as there are so many articles copying TechCrunch (which is owned by Verizon and they have a VPN service of their own.. really suspicious imho) and their article is based on a researcher who is “anonymous” as well as their facts are literally speculations

    • Dissent - October 30, 2019

      NordVPN sent out another press release announcing more steps they are taking. I will not reproduce it all here, but will highlight what they wrote about what happened in the incident — and what didn’t happen:

      Last week, it was announced that 1 of more than 5000 NordVPN’s servers was accessed by an unauthorized third party. The hacker managed to access this single server located in Finland because of mistakes made by the data center owner, of which NordVPN was not aware.

      However, NordVPN is sure that no customer data was affected or accessed by the malicious actor, as the server did not contain any user activity logs, usernames, or passwords. NordVPN’s service as a whole was not hacked, the code was not hacked, the VPN tunnel was not breached, and the NordVPN apps stayed unaffected.

      As to Zack Whittaker: you obviously do not know him. He is an extremely ethical journalist and would never slant a story based on who owns TechCrunch. He reached out to NordVPN a number of times to give them opportunities to respond to opinions offered by others and he responsibly quoted their replies. If the unnamed senior researcher might have had a conflict of interests with NordVPN, I have no doubt Zack would have included that disclosure in his reporting.
