Recently, information about one of the most popular VPN being hacked surfaced on the Internet. The story began when TechCrunch published an article that was full of empty and unjustified claims that NordVPN does not invest in security at all. At the same time, TechCrunch failed to disclose that it is owned by Verizon, a company that has its own VPN service. The VPN service is a competitor of NordVPN, thus this explains the harshness of the posted article. Social media, news websites and the biggest media outlets wrote about how “NordVPN was hacked”, “NordVPN confirms it was hacked” and used similar titles to get more user reach and traffic to their websites. However, most of the information was quickly shared on Reddit.

We have gathered and systematized all the information regarding this topic that we found on Reddit. We also checked what security experts say about NordVPN’s case. Reddit has divided itself into 2 camps: it seems that a part of Reddit users have jumped on the clickbait wagon (strange that even those who present themselves as security experts have done so), while others say that calling this a “hack” is way too generous.

The Summary of basic concerns expressed by active Redditors:

Biggest concerns mostly come not from the incident itself or that it happened, but that the company did not say anything for almost a year, as the server was affected in March 2018.

A lot of questions were raised whether the VPN can be trusted — if they knew about the incident, why didn’t they inform their users, maybe the company doesn’t care, what other information is kept from the user base.

Some users were disappointed about how NordVPN switched the blame fully on the datacenter provider, thus not taking responsibility on their part.

Users could not believe that the VPN provider didn’t know anything about the incident and questioned the importance of privacy.

Positive responses from Reddit regarding the incident:

A lot of tech-savvy users stepped up to carefully explain in detail how this issue could only affect a very small user base as well as how minimal the damage could have been done.

Others wrote about how no VPN provider is 100% safe from these kind of accidents and that it’s nice to see NordVPN talking about it and not sweeping it under the rug.

A part of users explained how they still trust the company due to its services recently being audited as well as the no logs being in place.

Users stood up by NordVPN, saying that it gets too much negativity, especially knowing that a few other VPN providers were affected by this setback as well.

Some raised questions about TechCrunch in particular, as the news website wrote a misleading title — users deduced that TC might have written a questionable article about the occurrence due to being owned by Verizon, a company that has launched its own VPN some time ago.

What do security experts have to say about NordVPN’s incident?

The attacker who exploited the server located in Finland, got hold of TLS keys that could have been used to attack users using the Man in the Middle attack (MITM). However, the said private keys cannot be used to decrypt any user traffic.

The found TLS keys were already expired, minimizing the damage that could have been done. Moreover, it would require extraordinary access to compromised user devices, which would be very difficult to ahold of, not to mention execute the attack.

User credentials were not affected in any way.

Only one server was affected, and as NordVPN has a no logs policy — no user activity logs were found. The company encrypts the RAM of every new server, thus tightening its security.

Is NordVPN safe to use?

Yes, and here’s why: