SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Hackers access NordVPN server, users unaffected
Wed, 23rd Oct 2019

NordVPN announced that one of its servers was breached in 2018, allowing a malicious actor to access the server it was renting from a Finnish data center.

The company issued a media statement saying there are no signs showing that any of its customers were affected or that their data was accessed by the attacker.

While connected to the server, the hacker could only have seen what an ordinary ISP would see, and that traffic could not have been personalised or linked to a particular user.

The server itself did not contain any user activity logs.

The statement said that none of NordVPN's applications send user-created credentials for authentication, so usernames and passwords couldn't have been intercepted.

“Our service as a whole was not hacked; our code was not hacked; the VPN tunnel was not breached.

“The NordVPN applications are unaffected. It was an individual instance of unauthorised access to 1 of more than 5000 servers we have.

The hacker managed to access this server because of the mistakes made by the data center owner, of which NordVPN was not aware.

As soon as we found out about the issue, the company ceased its relationship with this particular data center and shredded the server.

The statement said it was not a targeted attack against NordVPN, as at least two other VPN services were affected.

To prevent any similar incidents, among other means, NordVPN encrypts the hard disk of each new server it builds.

“The security of our customers is the highest priority for us.”

Timeline:

1. The affected server was brought online on January 31st, 2018.

2. Evidence of the breach appeared in public on March 5th, 2018.

3. The potential for unauthorised access to the server was restricted when the data center deleted the undisclosed management account on March 20th, 2018.

4. The server was shredded on April 13, 2019 – when NordVPN suspected a possible breach.

ESET cybersecurity specialist Jake Moore says, “No doubt privacy purists will jump on this and try to call Nord and other services out, but using a VPN is still hugely advised to protect online anonymity.

“This is especially true in hostile states, where some apps or websites are banned.

“VPNs are also extremely useful when using public Wi-Fi, and this news shouldn't put you off. It will still be more secure to use a VPN than not using one at all,” he says.