NordVPN Admits It Was Hacked Last Year

NordVPN Admits It Was Hacked Last Year

It becomes increasingly clear every day how difficult it can be to maintain some semblance of privacy on the internet. An increasing number of people have started using VPN services to keep their activities private, but a compromised VPN can be even worse for your anonymity. The popular and widely recommended NordVPN pushes its ability to protect your privacy online, but it has just admitted that unknown attackers managed to breach one of its servers last year.

A VPN acts as a “tunnel” for all your web traffic, so anyone attempting to observe what you’re doing will just see data going to and from the VPN’s servers. However, the VPN is essentially acting like a second ISP, and that means it sees all your unencrypted data. NordVPN and most other paid services are clear that they don’t keep logs of user activity. However, the server infiltration could have made it feasible for the attacker to spy on users.

The breach occurred in March 2018, and NordVPN learned about it several months ago. The company says it waited to release details until it made sure its infrastructure was secure. It points the finger at a data center provider, which hosted one of Nord’s servers in Finland. Apparently, the data center had an insecure remote management system that NordVPN didn’t know about.

So apparently NordVPN was compromised at some point. Their (expired) private keys have been leaked, meaning anyone can just set up a server with those keys… pic.twitter.com/TOap6NyvNy

— undefined (@hexdefined) October 20, 2019

While someone did access the server, NordVPN stresses that it does not save activity logs, user IDs, or other personal details. Nord also lost control of an (expired) private key, which could allow others to set up servers that masquerade as official NordVPN servers. Security researchers outside the company expressed concern at the scale of the infiltration. An unknown party had full remote control of the server for a period of time, and they could have used that to scoop up data from some users regardless of whether or not anything is stored on the server. However, NordVPN asserts that the only way someone could have stolen user data from the server is via a targeted man-in-the-middle attack.

Reports are circulating that several other VPN providers may have been attacked around the same time. TechCrunch reports seeing records from other VPN providers like TorGuard and VikingVPN that suggest they may have also been breached. However, neither company has confirmed that. Both say they experienced limited breached in 2017 that didn’t include any access to VPN traffic.

Continue reading

The Biden Administration Pledges to Address the Semiconductor Shortage
The Biden Administration Pledges to Address the Semiconductor Shortage

Early on Thursday, a group of US chip designers and manufacturers sent a letter to the White House, asking that the government include “substantial funding for incentives for semiconductor manufacturing” as part of the overall COVID-19 economic recovery plan. The Biden Administration has now pledged to take action to help remedy the situation by “identifying…

The US Air Force Quietly Admits the F-35 Is a Failure
The US Air Force Quietly Admits the F-35 Is a Failure

The Air Force has finally admitted that the F-35 is not the aircraft the military hoped it would be, though we doubt Ferrari would appreciate being compared with the F-35.

Microsoft Admits Some Bethesda Games Will Be Xbox Exclusives
Microsoft Admits Some Bethesda Games Will Be Xbox Exclusives

Microsoft has admitted that at least some Bethesda games will be Xbox and PC exclusives.

Razer Synapse Bug Gives Windows Admin Access to Anyone Who Can Plug in a Mouse
Razer Synapse Bug Gives Windows Admin Access to Anyone Who Can Plug in a Mouse

You might want to keep an eye on your USB ports for the next few days. A security researcher has disclosed a disturbingly easy way to gain admin privileges in Windows 10 without a password, and for once, it's not Microsoft's fault.