sb-nz logo
Story image

Hackers access NordVPN server, users unaffected

23 Oct 2019

NordVPN announced that one of its servers was breached in 2018, allowing a malicious actor to access the server it was renting from a Finnish data centre.

The company issued a media statement saying there are no signs showing that any of its customers were affected or that their data was accessed by the attacker.

While being connected to the server, the hacker could only see what an ordinary ISP would see, but it could not have been personalised or linked to a particular user.

The server itself did not contain any user activity logs.

The statement said that none of NordVPN’s applications send user-created credentials for authentication, so usernames and passwords couldn't have been intercepted.

“Our service as a whole was not hacked; our code was not hacked; the VPN tunnel was not breached.

“The NordVPN applications are unaffected. It was an individual instance of unauthorised access to 1 of more than 5000 servers we have.”

The hacker managed to access this server because of the mistakes made by the data centre owner, of which NordVPN was not aware.

As soon as we found out about the issue, the company ceased its relationship with this particular data centre and shredded the server.

The stamement said it was not a targeted attack against NordVPN as at least two other VPN services were affected.

To prevent any similar incidents, among other means, NordVPN encrypts the hard disk of each new server it builds.

“The security of our customers is the highest priority for us.”

Timeline:

1. The affected server was brought online on January 31st, 2018.

2. Evidence of the breach appeared in public on March 5th, 2018.

3. The potential for unauthorised access to the server was restricted when the data centre deleted the undisclosed management account on March 20th, 2018.

4. The server was shredded on April 13, 2019 – when NordVPN suspected a possible breach.

ESET cybersecurity specialist Jake Moore says, “No doubt privacy purists will jump on this and try to call Nord and other services out, but using a VPN is still hugely advised to protect online anonymity.

“This is especially true in hostile states, where some apps or websites are banned.

“VPNs are also extremely useful when using public Wi-Fi, and this news shouldn’t put you off. It will still be more secure to use a VPN than not using one at all,” he says.

Story image
Fortinet holds position as fastest-growing SD-WAN vendor
According to a new Omida report, the company has seen a 247% revenue growth year-on-year. Plus, Fortinet announces Fortigate 80F.More
Link image
How to prioritise metrics as an e-commerce CTO
E-commerce technology leaders need to track, analyze, and act on large volumes of business and system performance data. Danny Miles, the CTO of Dollar Shave Club, shares a powerful framework for thinking about and prioritizing e-commerce metricsMore
Story image
Improving network security by ‘deflecting’ cybercriminals
Even with the best perimeter defences in place, malicious actors can still gain access to a network and resources connected to it. But a new technique has made it significantly easier to spot these cyber-attackers.More
Story image
Q&A: Barracuda VP on how SD-WAN can aid in public cloud adoption
Techday caught up with Barracuda RVP of public cloud & strategic alliances Chris Hill to discuss why SD-WAN is fast becoming the launch pad into the cloud.More
Story image
Just 6,000 accounts responsible for over 100,000 email attacks - report
Barracuda has today released a report detailing how 6,170 malicious accounts that use Gmail, AOL, and other email services were responsible for more than 100,000 business email compromise (BEC) attacks on nearly 6,600 organisations. More
Story image
Three-in-one cloud security can ease business through difficult times
By leveraging a comprehensive security platform, organisations can block threats and prevent leakage for all interaction between endpoints, devices and apps, writes Bitglass product marketing manager Juan Lugo. More