"The only way to abuse website traffic was to conduct a personalized and intricate MiTM attack to intercept a single connection attempting to access nordvpn.com," the company wrote in a blog post.
The incident occurred in March 2018, when an unauthorized person accessed a NordVPN server rented from a third-party data center in Finland. They used an "insecure remote management system" maintained by the data center provider. NordVPN did not know that such a system existed.
The affected server was added to the NordVPN server list on January 31
The company learned of the incident a few months ago and immediately terminated its contract with the data center provider, deleting all the data the rented servers contained. The security breach was not disclosed immediately because the rest of the infrastructure needed to be checked to ensure that similar issues did not exist elsewhere. The company also accelerated the encryption of all its servers. Due to the complex infrastructure and the more than 3,000 servers used, this took some time.
None of NordVPN's other servers or data centers were affected by the problem. The company states that the vendors it works with must meet higher security standards. In addition, all servers will be moved to run from memory, a process that will be completed next year.
Although the security breach does not seem to have had a significant impact on users' privacy, it is not a good look for a company that advertises itself as offering "secure and private access to the Internet". In response, NordVPN is doubling down on security. "We've gone through an application security review, are currently working on a second audit without logging, and are preparing a bug-tracking program," the article said. "[Next] year, we will conduct an independent external audit of our entire infrastructure to make sure we do not miss anything else."