sb-nz logo
Story image

Hackers access NordVPN server, users unaffected

23 Oct 2019

NordVPN announced that one of its servers was breached in 2018, allowing a malicious actor to access the server it was renting from a Finnish data centre.

The company issued a media statement saying there are no signs showing that any of its customers were affected or that their data was accessed by the attacker.

While being connected to the server, the hacker could only see what an ordinary ISP would see, but it could not have been personalised or linked to a particular user.

The server itself did not contain any user activity logs.

The statement said that none of NordVPN’s applications send user-created credentials for authentication, so usernames and passwords couldn't have been intercepted.

“Our service as a whole was not hacked; our code was not hacked; the VPN tunnel was not breached.

“The NordVPN applications are unaffected. It was an individual instance of unauthorised access to 1 of more than 5000 servers we have.”

The hacker managed to access this server because of the mistakes made by the data centre owner, of which NordVPN was not aware.

As soon as we found out about the issue, the company ceased its relationship with this particular data centre and shredded the server.

The stamement said it was not a targeted attack against NordVPN as at least two other VPN services were affected.

To prevent any similar incidents, among other means, NordVPN encrypts the hard disk of each new server it builds.

“The security of our customers is the highest priority for us.”

Timeline:

1. The affected server was brought online on January 31st, 2018.

2. Evidence of the breach appeared in public on March 5th, 2018.

3. The potential for unauthorised access to the server was restricted when the data centre deleted the undisclosed management account on March 20th, 2018.

4. The server was shredded on April 13, 2019 – when NordVPN suspected a possible breach.

ESET cybersecurity specialist Jake Moore says, “No doubt privacy purists will jump on this and try to call Nord and other services out, but using a VPN is still hugely advised to protect online anonymity.

“This is especially true in hostile states, where some apps or websites are banned.

“VPNs are also extremely useful when using public Wi-Fi, and this news shouldn’t put you off. It will still be more secure to use a VPN than not using one at all,” he says.

Story image
IronNet expands Asia Pacific presence with new strategic partnership
“The combination of M.Tech’s extensive network in Asia Pacific and our unparalleled expertise in threat intelligence and detection will help more enterprises across the region to proactively identify and take down known and unknown threats before they happen.”More
Story image
Kaspersky discovers COVID-19 research related cyber threats
Kaspersky researchers have identified two APT incidents that targeted entities related to COVID-19 research - a Ministry of Health body and a pharmaceutical company. More
Story image
SOC as a Service market on the up, driven by greater focus on security
The global System On a Chip (SOC) as a Service market is set to reach US$676.8 million by 2026, according to a new study from Valuates Reports. More
Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More
Story image
PDI acquires Cybera and ControlScan MSS to protect against security threats
The acquisition complements PDI's existing industry-focused cloud product strategy, bringing customers a fully managed, cloud-based network security solution, the company states.More
Story image
Alibaba Cloud and LGMS tackle hybrid and multi-cloud security
Alibaba Cloud and LGMS, a cybersecurity consulting company, are teaming up to tackle the challenge of security around digital transformation and hybrid cloud.More