sb-as logo
Story image

Hackers access NordVPN server, users unaffected

23 Oct 2019

NordVPN announced that one of its servers was breached in 2018, allowing a malicious actor to access the server it was renting from a Finnish data centre.

The company issued a media statement saying there are no signs showing that any of its customers were affected or that their data was accessed by the attacker.

While being connected to the server, the hacker could only see what an ordinary ISP would see, but it could not have been personalised or linked to a particular user.

The server itself did not contain any user activity logs.

The statement said that none of NordVPN’s applications send user-created credentials for authentication, so usernames and passwords couldn't have been intercepted.

“Our service as a whole was not hacked; our code was not hacked; the VPN tunnel was not breached.

“The NordVPN applications are unaffected. It was an individual instance of unauthorised access to 1 of more than 5000 servers we have.”

The hacker managed to access this server because of the mistakes made by the data centre owner, of which NordVPN was not aware.

As soon as we found out about the issue, the company ceased its relationship with this particular data centre and shredded the server.

The stamement said it was not a targeted attack against NordVPN as at least two other VPN services were affected.

To prevent any similar incidents, among other means, NordVPN encrypts the hard disk of each new server it builds.

“The security of our customers is the highest priority for us.”

Timeline:

1. The affected server was brought online on January 31st, 2018.

2. Evidence of the breach appeared in public on March 5th, 2018.

3. The potential for unauthorised access to the server was restricted when the data centre deleted the undisclosed management account on March 20th, 2018.

4. The server was shredded on April 13, 2019 – when NordVPN suspected a possible breach.

ESET cybersecurity specialist Jake Moore says, “No doubt privacy purists will jump on this and try to call Nord and other services out, but using a VPN is still hugely advised to protect online anonymity.

“This is especially true in hostile states, where some apps or websites are banned.

“VPNs are also extremely useful when using public Wi-Fi, and this news shouldn’t put you off. It will still be more secure to use a VPN than not using one at all,” he says.

Story image
Australians ignoring cybersecurity policies in favour of productivity
Trend Micro has found that 67% of remote workers have increased their cybersecurity awareness during COVID-19 related lockdowns. However, despite greater awareness people may still engage in risky behaviour, the survey finds.More
Story image
LogRhythm named #1 for customer satisfaction in G2 report
Named a Leader in G2 Research's reports for SIEM, Incident Response, and usability based on aggregated user rating data.More
Link image
Enterprises require a new approach to data-driven transformation
Organisations need a new approach. An enterprise data cloud unlocks the power of your data to serve customers better, operate with greater efficiency, and strengthen security to protect your businessMore
Story image
54% rise in gaming-related cyber attacks recorded in April
Social isolation measures, widely implemented throughout the world during March and April, has been linked to both the increase in engagement for gaming and a corresponding boom in game-related cyber attacks.More
Story image
Inteview: Mimecast security expert on why email attacks are more successful than ever
Techday spoke to Mimecast Australia principal technical consultant Garrett O’Hara, who walks through why security experts are becoming increasingly pessimistic about email-borne attacks.More
Link image
Transform your authentication from a burden to a boon
Modern authentication tools can be operational burdens, introducing more problems than they solve. Here's how one solution can flip the script.More