Image credit: scanrail via Getty Images

NordVPN strengthens security measures following server breach

It's taking several steps in an effort to show customers that it can still provide secure access to the internet.

NordVPN is taking steps to assure customers that it can stay true to its promise of providing "secure and private access to the internet" after admitting that an attacker breached one of its servers. To start with, its in-house team of penetration testers will now be working with cybersecurity firm VerSprite to conduct comprehensive penetration testing, intrusion handling and source code analysis. The firm will also help NordVPN form an independent cybersecurity advisory committee as part of their long-term partnership.

In an effort to find vulnerabilities before a bad actor does again, it's also launching a bug bounty program over the next few weeks. NordVPN also promises to undergo a full-scale third-party independent security audit covering its hardware, software, backend architecture, backend source code and internal procedures in 2020.

The company says it's planning to build a network of collocated servers -- or servers it will fully own even though they're located in a rented data center space -- as well. It's currently finishing its infrastructure review to look for and remove any exploitable vulnerabilities left by third-party server providers. Finally, NordVPN says it's planning to replace its entire infrastructure with diskless servers so that nothing will be stored locally. That way, even if an infiltrator seizes a server, they won't find anything in it.

NordVPN admitted last week that an unauthorized person accessed a server it rented from a data center in Finland back in March 2018. That data center spotted the infiltrator and removed their access without informing the company, but NordVPN found out about the incident a few months ago and ended its contract with the provider.

The company says it's sure that the infiltrator wasn't able to access customer data, since the compromised server didn't contain any activity logs, usernames or passwords. An Ars Technica report says the hackers were able to steal encryption keys that could be used to stage decryption attacks on some customers. But NordVPN maintains that the "service as a whole was not hacked, the code was not hacked, the VPN tunnel was not breached and the NordVPN apps stayed unaffected."
