NordVPN confirms 2018 security breach involving datacenter partner

Shawn Knight

In brief: The vulnerability wasn’t immediately disclosed because NordVPN needed to make sure none of their other servers were prone to similar issues. This “couldn’t be done quickly due to the huge amount of servers and the complexity of our infrastructure,” we’re told.

Virtual private network service provider NordVPN on Monday said it has learned of a security issue involving a datacenter partner.

As the timeline goes, the single affected server was built and added to NordVPN’s server list in Finland on January 31, 2019. At some point, an attacker gained access to the server via an insecure remote management system left behind by the datacenter. “We were unaware that such a system existed,” said NordVPN blog editor Daniel Markuson.

The datacenter reportedly noticed the vulnerability and, on March 20, 2018, deleted the remote management account without notifying NordVPN.

Markuson said the VPN provider learned of the vulnerability “a few months back” and promptly terminated all contracts with the company. They also launched an internal audit to check their entire infrastructure, conducted an application security audit and started a process to move all of their servers to RAM.

Markuson said the expired TLS key taken when the server was exploited couldn’t have been used to decrypt the VPN traffic of any other server. “On the same note, the only possible way to abuse website traffic was by performing a personalized and complicated MiTM (man-in-the-middle) attack to intercept a single connection that tried to access nordvpn.com.”

Furthermore, NordVPN said that no user credentials were taken and that the server did not contain any user activity logs.

NordVPN said it is now holding its datacenter partners to “even higher standards” and is working on a bug bounty program.

Masthead credit: NordVPN app by Sharaf Maksumov


 
"NordVPN said it is now holding their datacenter partners to “even higher standards” and is working on a bug bounty program."

Now?? I am afraid it's a bit late for that. How about setting standards and using frequent inspections before the horse leaves the barn???

And to make the story even more ludicrous; NordVPN was always highly recommended (even here, multiple times), so you can imagine how bad the lesser ones are....!!
 
"NordVPN said it is now holding their datacenter partners to “even higher standards” and is working on a bug bounty program."

Now?? I am afraid it's a bit late for that. How about setting standards and using frequent inspections before the horse leaves the barn???

And to make the story even more ludicrous; NordVPN was always highly recommended (even here, multiple times), so you can imagine how bad the lesser ones are....!!

What part of the story is exceeding your level of comprehension? The part where their data center partner concealed the breach or the part where NordVPN acted the moment they learned of the breach?
 
I honestly think this is going to be forgotten in about a month or so. The whole incident is just overblown by competitors who want NordVPN gone out of the competition. One server was breached as well as there were no logs, so users were not affected at all. As for the data center I think they should be held responsible as they didn't make sure that their servers are secure.
 