VPNs or Virtual Private Networks as its been called gives us online protection and privacy. However, we begin to question the companies rendering these VPN services when their server(s) gets hacked. I mean, how do they guarantee your Internet privacy when they can't ward off attacks launched against them?
Popular VPN service provider NordVPN has been forced to admit that its server was hacked back in March 2018 after Twitter user @hexdefined tweeted during the weekend that the VPN providers expired TLS certificate key which used to securely connect customers to its (NordVPN) web servers have been leaked.
Also Read: Major Security Flaws Found In 150 Top Free Android VPNs On Google Play Store
According to a statement, NordVPN blames the breach on an expired internal security key. The company said the attack happened in early 2018 at one of the data centres it uses in Finland. The hacker managed to breach the server by exploiting an insecure remote management system deployed by the data centre provider, and of which NordVPN wasn't told about.
The VPN service provider said the hacker server did not contain any user data as well as credentials as it does not log user data, which means no data was stolen.
"The intruder did not find any user activity logs because they do not exist," NordVPN said. "They did not discover users' identities, usernames, or passwords because non of our applications send user-created credentials for authentication."
However, the company acknowledged that the hacker accessed the expired TLS private keys, it said that there was no means for the hacker to have used the expired private key to decrypt the VPN traffic on its other servers.
"The intruder did find and acquire a TLS key that has already expired," NordVPN said. "With this key, an attack could only be performed on the web against a specific target and would require extraordinary access to the victim's device or network (like an already-compromised device, a malicious network administrator, or a compromised network). Such attack would be very difficult to pull off. Expired or not, this TLS could not have been used to decrypt NordVPN traffic in anyway."
TorGuard and Viking VPN are also believed to have been caught up in the same VPN breach, though TorGuard has released a statement which admits that one of its servers too was hacked.
"TorGuard first became aware of this disclosure during May of 2019 and in a related development we filed a legal complaint against NordVPN in the Middle District of Florida on June 27, 2019," the TorGuard statement read.
TorGuard said that they removed from their network in early 2018 the single server that was compromised and have ever since terminated all business with the related hosting reseller because of repeated suspicious activity.
"The TLS certificate *.torguardvpnaccess.com on the affected server is a squid proxy cert which has not been valid on the TorGuard network since 2017," the VPN provider added.
I would also recommend reading this article - explains a lot https://vpnpro.com/blog/nordvpn-security-breach-between-fact-and-fiction/
ReplyDeleteall in all, and I don't think it's a major issue, and I didn't change my opinion about Nord... but it's just imho
You Blog is so interesting! I do not believe I’ve truly read anything like this before. So good to discover somebody with a few unique thoughts on this subject matter. Really.. thank you for starting this up. This site is one thing that is required on the internet, someone with a little originality! Download NordVPN Crack
ReplyDelete