NordVPN Admits Datacenter Hack From Back In 2018

  • NordVPN picked the wrong data center provider and is now paying for it with negative publicity.
  • A malicious actor compromised the unprotected server and had it running for a full month.
  • NordVPN has known about this for a few months, but they had opted not to disclose it yet.

NordVPN, one of the most trustworthy VPN solutions out there, has just confirmed that they were hacked, following compelling evidence published by a Twitter user called “undefined” a few hours ago. As the hacker points out, whoever compromised NordVPN had root access to a container server, which means full control. The hacker also suggests that TorGuard, VikingVPN, and OpenVPN had their server keys and TLS certificates stolen in the past, but there’s no official confirmation about this yet. Long story short, whoever obtained the exposed, expired internal keys could launch their own NordVPN server clones, with all that this entails for the users of the popular service.

Did this actually happen, and have people fallen victim to such a nasty man-in-the-middle attack? In their official response, NordVPN tries to ease the fear about the incident by stating that the compromised server did not contain any user activity logs or user credentials, so nothing critical could have been intercepted by the malicious actors. Moreover, they clarify that this was an isolated case, caused by one of their datacenter providers leaving a remote management system unprotected by mistake. That said, all of the three thousand other datacenters used by them are perfectly safe, and have been safe all along. NordVPN says they double-checked that, so we don’t have any reason to dispute them.

NordVPN states that they became aware of the compromise a few months ago, but decided not to disclose the incident immediately because they wanted to make sure that no other parts of their infrastructure had been compromised. The company attributes this delay to the large number of servers and the complexity of their infrastructure. Of course, disclosing it only now that the “undefined” hacker has published his/her discoveries isn’t helping much with maintaining a trusting rapport with their customers. As bad as the news would have been for its users, and as damaging as it would have been for their business, we would have preferred NordVPN to disclose the incident much sooner.

Recently, NordVPN completed an in-depth penetration-testing security audit by VerSprite, and they are currently undergoing their second no-logs audit, so the software is still very robust and, without a doubt, one of the best in the field. Still, having 0.03% of your infrastructure compromised can have a long-lasting harmful effect on your reputation.

Update: TorGuard has also admitted that its VPN services were compromised in September 2017. They traced the actor to an 8chan user who used expired ghostbin links to prove his crime. However, because TorGuard was using secure PKI management, its main CA key was not affected. The team of the popular VPN service realized the breach in May 2019 and found that they had already removed the hosting reseller from their network due to other incidents.

Will you continue to trust NordVPN, or are you changing products after this incident? Let us know in the comments down below, or join the discussion on our socials, on Facebook and Twitter.
