
NordVPN strengthens security measures following server breach

It's taking several steps in an effort to show customers that it can still provide secure access to the internet.
Mariella Moon, @mariella_moon
October 30, 2019

NordVPN is taking steps to assure customers that it can stay true to its promise of providing "secure and private access to the internet" after admitting that an attacker breached one of its servers. To start with, its in-house team of penetration testers will now be working with cybersecurity firm VerSprite to conduct comprehensive penetration testing, intrusion handling and source code analysis. The firm will also help NordVPN form an independent cybersecurity advisory committee as part of their long-term partnership.

In an effort to find vulnerabilities before a bad actor does again, it's also launching a bug bounty program over the next few weeks. NordVPN also promises to undergo a full-scale third-party independent security audit covering its hardware, software, backend architecture, backend source code and internal procedures in 2020.

The company says it's planning to build a network of collocated servers -- or servers it will fully own even though they're located in a rented data center space -- as well. It's currently finishing its infrastructure review to look for and remove any exploitable vulnerabilities left by third-party server providers. Finally, NordVPN says it's planning to replace its entire infrastructure with diskless servers so that nothing will be stored locally. That way, even if an infiltrator seizes a server, they won't find anything in it.

NordVPN admitted last week that an unauthorized person accessed a server it rented from a data center in Finland back in March 2018. That data center spotted the infiltrator and removed their access without informing the company, but NordVPN found out about the incident a few months ago and ended its contract with the provider.

The company says it's sure that the infiltrator wasn't able to access customer data, since the compromised server didn't contain any activity logs, usernames or passwords. An Ars Technica report says the hackers were able to steal encryption keys that could be used to stage decryption attacks on some customers. But NordVPN maintains that the "service as a whole was not hacked, the code was not hacked, the VPN tunnel was not breached and the NordVPN apps stayed unaffected."
