NordVPN Hacked? What Really Happened

Information has recently surfaced about a NordVPN breach caused by vulnerabilities in a third-party datacenter’s server. We’d like to give you a clear timeline of the events followed by some key facts about the NordVPN breach story.

***

Key facts

One server was affected in March 2018 in Finland. The rest of our service was not affected. No other servers of any type were put at risk. This was an attack on our server, not our entire service.
The breach was made possible by poor configuration on a third-party datacenter’s part that we were never notified of. Evidence suggests that when the datacenter became aware of the intrusion, they deleted the accounts that had caused the vulnerabilities rather than notify us of their mistake. As soon as we learned of the breach, the server and our contract with the provider were terminated and we began an extensive audit of our service.
No user credentials were affected.
There are no signs that the intruder attempted to monitor user traffic in any way. Even if they had, they would not have had access to those users’ credentials.
The attacker did acquire TLS keys that, under extraordinary circumstances, could be used to attack a single user on the web using a specifically targeted and highly sophisticated MITM attack that we detail further below. These keys could not and cannot be used to decrypt any encrypted NordVPN traffic in any form.
Two other VPN providers were impacted in attacks published by the same intruder. We do not believe that this was a targeted attack against NordVPN.
The incident effectively showed that the affected server did not contain any user activity logs. To prevent any similar incidents, among other means, we encrypt the hard disk of each new server we build. The security of our customers is the highest priority to us and we will continue to raise our standards further and further.

Our goal here is to notify and educate the public about this breach. That’s the only way we’ll be able to recover from this significant setback and make our security even tighter.

Comments

"We NOW encrypt the hard disk of each new server we build."
-NordVPN 2019

Justin-wdvy

A year after the event happened you received information that someone had gotten into a server in their data centre, it took them a year to supposedly contact you then took you 4 months to finally talk about it instead of announcing it when you first found out. It's not the fact that it happened it's the fact you didn't inform anyone such as customers about it that ticks people off, well the fact it happened is kinda bad but come on guys be upfront and tell people about it and don't sweep it under the rug and hope no one notices or finds out about it, that's just a bad move on your part and will damage your business. I for one would gladly use you if you had announced this when it happened but the fact you kept it makes me question how many times this or similar has happened that you haven't announced.

FCD

Raid shadow legends took out the competition lmao

bobthenoob

Hmmm... Maybe you should spend money on security and auditing rather than paying for the hundreds, if not thousands, of YouTubers who do promotions for you. "We were unaware" of what was on the server that we pay for in a datacenter. What a joke.

TheDopamin

probs should've kept all the influence cash to bolster up your crappy security tbh.

kodessa

If someone gains remote access to a server, or has the keys to decrypt traffic, hard drive encryption will do nothing to help. When the server is on, the data is accessible in an unencrypted form. Hard drive encryption is only beneficial when the system is off. Why do you think the FBI needed to get Aaron Swartz's computer when it was left on, open, and unattended? Cause as soon as he shuts the lid, the hard drive is protected and encrypted, but when it's on, it's in a state where the data is unencrypted.

TickyTack

we also discovered an ancient technology called disk encryption ...

NoLandMandi

User security isn't your highest concern.
Spending most of your company effort and resources on marketing rather than infrastructure and security.

Toss out your PR firm, they're a waste of time and a useless career when the product is unable to deliver its advertised security and privacy.

KenjiXSamurai

Free security consulting advice: investing more heavily in the security of your security-focused product, instead of advertising, could help R&D to understand and mitigate risks like this.

TurnGameOn

Right it's everybody else's fault except ours.

optimusminimus-vd

what happens when a security company is actually run by marketers

chrisw

ok wait, you are installing crypto servers on *SOMEONE ELSE'S GEAR*?
dude...
If you can't afford cage space and your own equipment, find something else to do. You're supposed to be in the security business.

funkyzero

Well, this is what happens when you spend 90% of your budget on advertising your product, instead of spending that money on the actual security.

thecitizenoftheinternet

You can't shred a server that you don't own, and you should have told your users before they paid you for service that your servers are RENTED and not OWNED BY YOU.

anonanon

That "extraordinary access" he mentions: Anyone within range connected to the same open WiFi network as you. If you have the private keys it's *trivial* to mount an attack pretending to be NordVPN, steal your username/password to NordVPN and monitor which sites you visit (the kind of things a VPN is supposed to protect against).

Ars Technica has a great article about this, I would recommend checking it out. NordVPN has allegedly used blackmailing and DDoS attacks against a competitor as well. They seem like a shady company at best and personally I really wouldn't trust them with my traffic.

MagnusRostedt

Everyone is jumping to conclusions...
Do any of you realize that they have to actually take the time to fix what happened and make sure it doesn't happen again? It's not rocket science. Actually, it's common sense. They don't give as much of a shit for saying sorry than they do ensuring that nothing like this happens again.

switchedchannelscheckdesc

It's like being operated on and while your belly is open, someone secretly intrudes the surgery room and places a cellphone behind the pancreas.
The phone rings for months and you LeslieNielsen it with a "nothing to see here" gesture.

koneth

NordVPN went public to get ahead of the researchers who found the vulnerability and were going to release the info on Twitter. #shame

cesarnono

Plot twist: The hackers were sent by Tunnelbear

thecitizenoftheinternet

Was NORDVPN still paying youtubers to advertise after you learned you were hacked but refusing to let the public know?

jsobers