NordVPN Says It Was Hacked Back in 2018. Everything We Know So Far
NordVPN is one of the most popular VPN service providers, used by millions of people around the world. You must have seen NordVPN spending a lot of money to promote its products through social media influencers and YouTubers. VPNs, or virtual private networks, are getting popular due to the increasing risk of being spied on by governments or ISPs. A VPN encrypts your traffic and tunnels it through a secured server, keeping your ISP and government agencies in the dark. That way, your ISP and other people spying on your internet traffic cannot see what you are browsing or sending over the internet.
For this reason, many activists, journalists, and ministers like to use a good premium VPN. Another benefit of a VPN is that it lets you access geo-locked websites and online content. It is very common for governments to block certain websites that they consider inappropriate or critical of them. By using a VPN, you can easily access those blocked websites and geo-locked online content.
So, you can imagine how important it is for VPN service providers to keep their servers safe from hackers. Recently one of the biggest VPN providers, NordVPN, admitted that in 2018, one of their servers in Finland was hacked. In a blog post, NordVPN explained that back in March 2018, a server in Finland that they were renting was breached through something called a remote management server. By accessing the data center, hackers were able to access all the servers hosted in the data center, including NordVPN's. NordVPN, however, says that the attack was limited to Finland and didn’t affect any other servers they are using worldwide. In that hack, attackers were able to gain access to one of the three private keys which are used to generate digital certificates for HTTPS encryption. Many experts believe that by accessing that private key, anyone with basic knowledge can impersonate nordvpn.com and intercept all traffic going through the NordVPN servers. Hackers could also deploy a man-in-the-middle attack to spy on people browsing the internet in real time.
However, NordVPN says that the TLS “key couldn’t possibly have been used to decrypt the VPN traffic of any other server.”
NordVPN said in that blog post that the “server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either.”
NordVPN says that the attack was due to an insecure remote management system left open by the data center and that they had no idea such a system existed. NordVPN has since terminated the contract with the data center provider and “shredded all the servers” they had been renting from them.
To answer the question many people have about why it took 20 months for NordVPN to come forward about the hack, NordVPN said: “We did not disclose the exploit immediately because we had to make sure that none of our infrastructures could be prone to similar issues.”
Are you a NordVPN user? Don’t you think it is unethical for NordVPN to keep their customers in the dark? Had there been no reports from security researchers about the hack, maybe NordVPN would have never admitted to the hack. We are relying more and more on online service providers like NordVPN to keep our online data safe from being spied on, but if they also get hacked, I don’t know who to trust. What are your thoughts on this particular matter? Please use the comment section to share your thoughts and comments.
2 Replies to “NordVPN Says It Was Hacked Back in 2018. Everything We Know So Far”
Understanding the way TLS keys work, people and especially NordVPN users should stay calm.. you would really have to fall for fishy direct links to be at harm from a MiTM attack.. Really the issue is not serious at all, IMO it will only help NordVPN in the future as they are increasing their security to the max according to their official statement.
I think Noah is right, I’m not sure how TLS keys work and what they are, but as NordVPN said, servers don’t log usernames, emails etc. So nothing substantial could’ve been leaked even if the hackers had full access to the servers