
Image credit: gorodenkoff via Getty Images

NordVPN admits to 'isolated' server breach in Finland

The attacker didn't have access to usernames, passwords or user activity logs.

Virtual private network provider NordVPN has confirmed that an attacker breached one of its servers, though the tangible impact of the breach seems to be pretty limited. There were no user activity logs on the server -- the company says it doesn't track, collect or share people's private data. There was also no way for the hacker to access usernames and passwords, nor could the attacker have decrypted VPN traffic to other servers.

"The only possible way to abuse website traffic was by performing a personalized and complicated MiTM attack to intercept a single connection that tried to access nordvpn.com," the company wrote in a blog post.

The incident took place in March 2018, when an unauthorized person accessed a server NordVPN rented from a third-party data center in Finland. They exploited an "insecure remote management system" that the data center provider left in place. NordVPN wasn't aware that such a system existed.

The affected server was added to NordVPN's server list on January 31st that year. The provider detected the vulnerability and removed the remote management account on March 20th without informing NordVPN.

The company learned of the incident a few months ago and right away ended its contract with the data center provider and scrubbed all the data it had on the rented servers. It didn't disclose the breach immediately because it had to audit the rest of its infrastructure to ensure similar issues wouldn't occur elsewhere. It also "accelerated the encryption of all of our servers." That took some time because of its complex infrastructure and the more than 3,000 servers it uses.

The issue didn't affect any of NordVPN's other servers or data centers. It says it will require providers it works with to meet higher security standards. It's also moving all of its servers to RAM, a process that should be completed next year.

While the breach doesn't seem to have had a significant impact on user privacy, it's not a great look for a company that touts itself as offering "secure and private access to the internet." As such, NordVPN is doubling down on security. "We have undergone an application security audit, are working on a second no-logs audit right now, and are preparing a bug bounty program," it wrote in the post. "[Next] year we will launch an independent external audit all of our infrastructure to make sure we did not miss anything else."
