
Image credit: gorodenkoff via Getty Images

NordVPN admits to 'isolated' server breach in Finland

The attacker didn't have access to usernames, passwords or user activity logs.

Virtual private network provider NordVPN has confirmed an attacker breached one of its servers, though the tangible impact of the breach seems to be pretty limited. There were no user activity logs on the server -- the company says it doesn't track, collect or share people's private data. There was also no way for the hacker to access usernames and passwords, nor could the attacker have decrypted VPN traffic to other servers.

"The only possible way to abuse website traffic was by performing a personalized and complicated MiTM attack to intercept a single connection that tried to access nordvpn.com," the company wrote in a blog post.

The incident took place in March 2018, when an unauthorized person accessed a server NordVPN rented from a third-party data center in Finland. They exploited an "insecure remote management system" that the data center provider left in place. NordVPN wasn't aware that such a system existed.

The affected server was added to NordVPN's server list on January 31st that year. The provider detected the vulnerability and removed the remote management account on March 20th without informing NordVPN.

The company learned of the incident a few months ago and right away ended its contract with the data center provider and scrubbed all the data it had on the rented servers. It didn't disclose the breach immediately because it had to audit the rest of its infrastructure to ensure similar issues wouldn't occur elsewhere. It also "accelerated the encryption of all of our servers." That took some time because of its complex infrastructure and the more than 3,000 servers it uses.

The issue didn't affect any of NordVPN's other servers or data centers. It says it will require providers it works with to meet higher security standards. It's also moving all of its servers to RAM, a process that should be completed next year.

While the breach doesn't seem to have had a significant impact on user privacy, it's not a great look for a company that touts itself as offering "secure and private access to the internet." As such, NordVPN is doubling down on security. "We have undergone an application security audit, are working on a second no-logs audit right now, and are preparing a bug bounty program," it wrote in the post. "[Next] year we will launch an independent external audit all of our infrastructure to make sure we did not miss anything else."
