NordVPN confirms hacking

NordVPN has just confirmed having been hacked several months ago, in March 2018. Hackers have had access to a server rented by the firm for about a month lives a remote management system which the firm denies know the existence. Hackers did not have access to any batches or identifiers, but were able to conduct targeted man-in-the-middle attacks, unbeknownst to everyone.


Do you use NordVPN as a VPN access provider? Bad news: the service that highlights the protection of its users, and the lack of activity logs, was a victim of hacking. The firm admits to TechCrunch that "hackers had access to one of [our] datacenters in Finland where we rent our servers, without authorization." The case goes back to March 2018, and if the firm only talks about it now, it was because it wanted to make sure that other parts of its infrastructure were not vulnerable to such attacks.

NordVPN admits to being hacked

Thus, "the server itself did not contain any log of user activity - none of our applications sent credentials created by users for authentication, so the usernames and words of pass could not be intercepted either, "says a representative of the firm cited by TechCrunch. In fact, hackers did not have access to stored data, but they could still use this access to conduct very targeted attacks.

For example analyze all the traffic of a user on the fly - a formidable technique that is called "man-in-the-middle". To carry out their attack hackers hijacked a remote management system which NordVPN claims never to have known. For this they used private keys - now expired. These unique keys could only be used to access a server - which was not named by the firm. NordVPN points out that no other server has been affected by this attack.

There is no (more) reason to worry at this stage. But it is hoped that the security of the users of this service will be better guaranteed in the future - the consequences may be dramatic for some users

Source : TechCrunch