NordVPN Admits Datacenter Hack From Back In 2018

  • NordVPN picked the wrong data center provider and is now paying for it with negative publicity.
  • A malicious actor compromised the unprotected server and had it running for a full month.
  • NordVPN has known about this for a few months, but opted not to disclose it until now.

NordVPN, one of the most trustworthy VPN solutions out there, has just confirmed that they were hacked, after compelling evidence was published by a Twitter user called “undefined” a few hours ago. As the hacker points out, whoever compromised NordVPN had root access to a container server, which means full control. The hacker also suggests that TorGuard, VikingVPN, and OpenVPN had their server keys and TLS certificates stolen in the past, but there’s no official confirmation of this yet. Long story short, whoever got hold of the exposed, expired internal keys could launch their own NordVPN server clones, with all that this entails for the users of the popular service.

Did this actually happen, and have people fallen victim to such a nasty man-in-the-middle attack? In their official response, NordVPN tries to ease fears about the incident by stating that the compromised server did not contain any user activity logs or user credentials, so nothing critical could have been intercepted by the malicious actors. Moreover, they clarify that this was an isolated case, caused by one of their datacenter providers leaving a remote management system unprotected by mistake. According to the company, all of the three thousand other datacenters they use are perfectly safe, and have been safe all along. NordVPN says they double-checked that, so we don’t have any reason to dispute them.

NordVPN states that they became aware of the compromise a few months ago, but decided not to disclose the incident immediately because they wanted to make sure that no other parts of their infrastructure had been compromised. The company attributes this delay to the large number of servers and the complexity of their infrastructure. Of course, disclosing it only now that the “undefined” hacker has published his/her discoveries doesn’t help much with maintaining a trusting rapport with their customers. As bad as the news would have been for its users, and as damaging as it would have been for their business, we would have preferred NordVPN to disclose the incident much sooner.

Recently, NordVPN completed an in-depth penetration-testing security audit by VerSprite, and they are currently undergoing their second no-logs audit, so the software is still very robust and, without a doubt, one of the best in the field. Still, having 0.03% of your infrastructure compromised can have a long-lasting harmful effect on your reputation.

Update: TorGuard has also admitted that its VPN services were compromised in September 2017. They traced the actor to an 8chan user who used expired ghostbin links to prove his crime. However, because TorGuard was using secure PKI management, its main CA key was not affected. The team of the popular VPN service became aware of the breach in May 2019 and figured that they had already removed the hosting reseller from their network due to other incidents.

Will you continue to trust NordVPN, or are you changing products after this incident? Let us know in the comments down below, or join the discussion on our socials, on Facebook and Twitter.


