NordVPN Admits It Was Hacked Last Year

NordVPN Admits It Was Hacked Last Year

It becomes increasingly clear every day how difficult it can be to maintain some semblance of privacy on the internet. An increasing number of people have started using VPN services to keep their activities private, but a compromised VPN can be even worse for your anonymity. The popular and widely recommended NordVPN pushes its ability to protect your privacy online, but it has just admitted that unknown attackers managed to breach one of its servers last year.

A VPN acts as a “tunnel” for all your web traffic, so anyone attempting to observe what you’re doing will just see data going to and from the VPN’s servers. However, the VPN is essentially acting like a second ISP, and that means it sees all your unencrypted data. NordVPN and most other paid services are clear that they don’t keep logs of user activity. However, the server infiltration could have made it feasible for the attacker to spy on users.

The breach occurred in March 2018, and NordVPN learned about it several months ago. The company says it waited to release details until it made sure its infrastructure was secure. It points the finger at a data center provider, which hosted one of Nord’s servers in Finland. Apparently, the data center had an insecure remote management system that NordVPN didn’t know about.

So apparently NordVPN was compromised at some point. Their (expired) private keys have been leaked, meaning anyone can just set up a server with those keys… pic.twitter.com/TOap6NyvNy

— undefined (@hexdefined) October 20, 2019

While someone did access the server, NordVPN stresses that it does not save activity logs, user IDs, or other personal details. Nord also lost control of an (expired) private key, which could allow others to set up servers that masquerade as official NordVPN servers. Security researchers outside the company expressed concern at the scale of the infiltration. An unknown party had full remote control of the server for a period of time, and they could have used that to scoop up data from some users regardless of whether or not anything is stored on the server. However, NordVPN asserts that the only way someone could have stolen user data from the server is via a targeted man-in-the-middle attack.

Reports are circulating that several other VPN providers may have been attacked around the same time. TechCrunch reports seeing records from other VPN providers like TorGuard and VikingVPN that suggest they may have also been breached. However, neither company has confirmed that. Both say they experienced limited breached in 2017 that didn’t include any access to VPN traffic.

Continue reading

Micron Announces 176-Layer NAND, Volume Shipments Underway
Micron Announces 176-Layer NAND, Volume Shipments Underway

Micron has announced its 176-layer NAND today in an impressive step forward for the industry.

No Flying Cars Yet, But How About a $300 Toaster With a Touch Screen?
No Flying Cars Yet, But How About a $300 Toaster With a Touch Screen?

As 2020 draws to a close, there's still no word on flying cars, but don't worry: We found something even better. For a certain definition of the word "better."

Elon Musk: SpaceX Will Send People to Mars in 4 to 6 Years
Elon Musk: SpaceX Will Send People to Mars in 4 to 6 Years

SpaceX and Tesla CEO Elon Musk likes to make bold claims. Sometimes he comes through, and we end up with a reusable Falcon 9 rocket, but Musk also has a tendency to get carried away, particularly when it comes to Mars. The SpaceX CEO has long promised a Mars colony on an aggressive, and some…

Minecraft With Ray Tracing Now Available for All Windows 10 Players
Minecraft With Ray Tracing Now Available for All Windows 10 Players

You don't usually think of Minecraft as a realistic game, but the developers have been hard at work adding RTX ray tracing to the game for the last eight months. It's finally out of beta today, and it really works with the blocky look of Minecraft.