NordVPN, one of the leading VPN providers in the world, recently revealed that one of their servers suffered a breach. This was not a targeted attack, as two other VPN providers – TorGuard and VikingVPN – were also affected.

The breach happened in March 2018, when a hacker managed to gain access to one of NordVPN’s Finnish servers. The company states that this was an isolated incident that affected only one of the 3000 servers they had at the time.

A compromised data center’s account to blame

The still unknown attacker managed to gain unauthorized access to one of the servers via an insecure remote management system account. The VPN provider stated that the data center added the account without notifying the company.

The account was later deleted, but the data center owner failed to inform NordVPN about the incident. The company found out about the breach on April 13, 2019, and immediately shredded the server and terminated the contract with the data center.

According to NordVPN’s blog post about the incident, the company decided not to inform the public right away. Their goal was to make sure that all their infrastructure was safe from attacks like this one. “We had to ensure that no other server could possibly be exploited this way. Unfortunately, thoroughly reviewing the providers and configurations for over 5,000 servers around the world takes time.”

Users’ data reportedly safe

Since the VPN provider does not keep any logs of their users’ activity, the attacker could not access any particularly sensitive information about NordVPN’s users. The hacker only got a TLS key that expired after two months. It could have only been used to perform a very complicated and specifically targeted MITM attack, but so far, there are no reports about something like this taking place.

According to their media statement, “There are no signs showing that any of our customers were affected or that their data was accessed by the malicious actor. While being connected to the server, the hacker could only see what an ordinary ISP would see, but it could not have been personalized or linked to a particular user.”

What are the implications? Of course, this is a blow to the company’s reputation. However, NordVPN plans to tighten its security even further. The company underwent an application security audit and have a second no-logs audit planned soon. NordVPN’s press release also stated that they will now encrypt the hard disk of every new server they build.

Time will show how the users will react to the news. But it’s safe to say that it will depend mainly on how NordVPN will handle the implementation of the promised security measures.

Thanks for reading techfollows.com.