NordVPN, a virtual private network provider that promises "to protect your privacy online," has confirmed that it has been hacked.
Admission is due to rumors that the company has been injured. It turned out that NordVPN had disclosed an expired internal private key that potentially allowed anyone to outsource its own servers modeled on NordVPN
sites through their Internet browser traffic. This is why journalists and activists often use these services, especially if they work in hostile countries. These providers channel all your Internet traffic over an encrypted pipe. This makes it harder for anyone on the Internet to determine which websites you visit or which apps you use. Often, however, this means that you need to move your browsing history from your Internet service provider to your VPN provider. This left many vendors open for review because it is often unclear whether each vendor logs every site a user visits.
For its part, NordVPN has set a policy with "null protocols". "We do not track, collect or share your private information," says the company.
However, the security breach may alert that hackers may have been able to access some user data.
NorthVPN announced TechCrunch announced that one of its data centers was accessed in March 201
The attacker gained access to the server NordVPN said it was not known that such a system exists.
NordVPN did not name the datacenter provider] "The server itself did not contain any user activity logs. None of our applications send user-created authentication credentials, so they could not intercept usernames and passwords, "the spokesman said. "By the same token, the only way to abuse website traffic was to conduct a personalized and complicated man-in-the-middle attack to intercept a single connection attempting to access NorthVPN."
The expired private key could not have been used to decrypt VPN traffic on another server.
NordVPN claimed to have learned of the security breach "a few months ago" The company wanted to be "100% sure that every component in our infrastructure is secure." A company in need of a press release approval called these results "disturbing."
"While this is unconfirmed and we await further forensic evidence, this is an indication of a complete compromise of this provider from a remote system," said the security researcher. "That should very much affect anyone who uses or promotes these particular services."
NordVPN stated that "no other server in our network is affected". However, the security researcher warned that NordVPN ignored the larger issue of possible attacker access over the network. "Your car was just stolen and taken on an amusement ride, and you argue about what keys were pressed on the radio." The researcher said.
The company acknowledged that it had installed intrusion detection systems, a popular technology used by companies to detect early violations, but "no one knew anything about an undisclosed remote management system left behind by the [data center] provider ", the spokesman said.
"They spent millions on advertising, but apparently nothing for effective defense security." the researcher said.
NordVPN was recently recommended by TechRadar and PCMag. CNET described it as a "preferred" VPN provider.
It is also believed that several other VPN providers were injured at the same time. Similar records published online and seen by TechCrunch suggest that TorGuard and VikingVPN may also have been compromised, but the speakers have not returned a request for comments.
Do you have a tip? You can safely send tips via Signal and WhatsApp to +1 646-755-8849. You can also send PGP emails with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.