NordVPN, one of the most recognized VPN services provided was hacked. The information was unveiled on October 21st. Other VPN providers such as TorGuard were also affected. VPNs have been expanding throughout the world allowing users to increase their privacy online.
NordVPN Affected By Security Breach
According to some reports, NordVPN was affected by a security breach. Although the company claims that they follow a ‘zero logs’ policy, it is possible private data could have been stolen by malicious third parties.
Laura Tyrell, NordVPN spokesperson commented that one of their data centres was accessed back in march 2018 without authorization. An attacker gained access to this server located in Finland by exploiting a management system left by the data centre provider. The spokesperson commented:
“The servier itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either.”
However, it could have been possible to perform a man-in-the-middle attack to intercept a connection that tried accessing NordVPN.
In a blog post, NordVPN explained that just 1 of more than 3000 servers they had at the time was affected.
At the same time, the company informed they discovered this data breach a few months ago but they decided to disclose this information on October 21st to be 100% sure all their infrastructure is currently secure.
Researchers consider that the company’s systems could have been affected even further.
Indeed, it might have been possible for users to set up their own VPN server pretended to be NordVPN, TorGuard or even VikingVPN. In this way, these attackers could steal users’ data as they started using these services.
The firm has already audited their systems and they will work on a second no-logs audit during these days. In the future, they are also planning to launch a bounty program to offer better services to users.
TorGuard confirmed to TechCrunch a few hours ago that a single server was compromised back in 2017. However, they deny VPN traffic was accessed by the attackers. Several VPN services confirmed they were not affected by the hack including Surfshark.
There are plenty of VPNs in the market that have been offering services to users during the last years. Individuals should always be very cautious about the data they share online and how they handle it. Hackers have been improving their tactics and not even privacy providers are free from being affected by hacks and attacks.