NordVPN Discloses Server Breach
Date: 22 October 2019
NordVPN confirmed that one server at a third-party server provider in Finland was accessed without authorization in March 2018. The breach was made possible by the poor configuration of an insecure remote management system account that the third-party datacenter had added to the server without informing NordVPN. After this account was exploited, the datacenter deleted the user account, again without informing NordVPN.
According to NordVPN: “The intruder did find and acquire a TLS key that has already expired. With this key, an attack could only be performed on the web against a specific target and would require extraordinary access to the victim’s device or network (like an already-compromised device, a malicious network administrator, or a compromised network).”
After finding out about this incident, NordVPN terminated its contract with the datacenter and launched a thorough internal audit of its infrastructure to ensure that none of the other servers could be exploited.
NordVPN states that this was an isolated case, that no other servers, datacenter providers or users’ credentials were affected, and that “there are no signs that the intruder attempted to monitor user traffic in any way.”
After this incident, NordVPN said that it has raised its standards for current and future datacenter partners and that it is preparing to launch a bug bounty program.