Breaking News…
Breaking News about NordVPN Breach of their VPN Service. I got this information from TechCrunch that I received today (21st October 2019). I just had to share this important information with you because i have written a few reviews on VPN Providers and thought it my duty to keep you updated.
NordVPN which is a virtual private network provider that as promised their customers that they will “protect your privacy online” confirmed today (21st October 2019) that they have been hacked.
This confirmation comes after rumours that the company had been breached.
This news comes after NordVPN had an expired internal privacy key exposed, which potentially allows anyone to spin out their own servers imitating NordVPN.
VPN providers are become more popular as they supposedly provide privacy from your internet provider and visiting sites about your internet browsing traffic.
Because of this service provided by VPN’s many journalists and activists’ use these services, particularly when they are working in hostile states.
These VPN provider channel all of your internet traffic through one encrypted pipeline and this makes it more difficult for anyone else to see which websites you are visiting and or which apps you are using.
And this means that you browsing history is moved from your internet provider and moved over to your VPN provider.
This has left many providers open to scrutiny as this leave the question open and unclear as to is each internet provider logging every website and user visits.
NordVPN claims a “Zero logs” policy and states that “we don’t track, collect and or share your privacy data”
BUT….
This breach is very much going to cause alarm that hackers may have been in the position to access some of NordVPN’s user data.
NordVPN told TechCrunch that one of its data centres was accessed in March 2018, “one of the data centres in Finland we are renting our servers from was accessed with no authorisation” Said NordVPN spokesperson Laura Tyrell.
The attackers gained access to the servers that were active for about a month and this was carried out by exploiting an insecure remote management system left by the data centre provider, NordVPN explained that they were unaware that such a system even existed.
NordVPN did not name the data centre provider.
NordVPN Spokesperson Said….
“The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either,” said the spokesperson. “On the same note, the only possible way to abuse the website traffic was by performing a personalised and complicated man-in-middle attack to intercept a single connection that tried to access NordVPN.”
Now according to the spokesperson, the expired private key could not have been used to decrypt the VPN traffic on any other server.
NordVPN said that they found out about this breach a “few months ago,” but the spokesperson informed that the breach was not disclosed until today because the company wanted to be 100% sure that each of their component with their infrastructure was secure.
UnConfrimed Statement from a Senior Security Researcher
A senior security researcher that TechCrunch spoke to that did not want to be named, because they work for company that require authorisation before speaking to the press, reviewed the statement and the other evidence of this breach and they called what they found out about this NordVPN Breach “troubling”
They also said “While this is unconfirmed and we await further forensic evidence, this is an indication of a full remote compromised of this provider’s systems,” this security researcher said. “That should be deeply concerning to anyone who uses or promotes these particular services.”
NordVPN also said that “no other servers on our network has been affected.”
But in the Security researcher warned that NordVPN was ignoring the bigger issue of the actual attacker’s possible access across the network.
This is what the security research said to the NordVPN statement …
“Your care was just stolen and taken on a joy ride and you’re quibbling abut which buttons were pushed on the radio?
NordVPN spokesperson confirmed that they had installed intrusion detection systems, which is a popular technology that companies use to detect early breaches, But “no-one could know about an undisclosed remote management system left by the unnamed data centre provider.
The security researcher’s response to this was…
“They spent millions on ads, but apparently nothing on effective defensive security.”
NordVPN Was Recently Recommended By….
NordVPN was recently recommended by TechRadar and PCMag. CNET described it as its “favourite” VPN Provider.
Other VPN Providers That May Have Been Breached
Oh and it is also believed that several other VPN providers may have been breached around the same time.
TechCrunch suggest that TorGuard and VikingVPN may have also been compromised.
TorGuard Also Reported that They Were Compromised
TorGuard’s Spokesperson told TechCrunch that a “single server” was compromised in 2017 but they denied that any VPN traffic was accessed.
Well There You Have It.
I am very surprised at this news and just had to share it with you because I have written product reviews for a few VPN services and want my visitors to Smart Laptop Lifestyle to be completely informed as much as possible when making decision on what products and services to use in your online business and everyday life on the internet.
Let me know what you think about this Security Breach in the comments section below?
Are You Using a VPN Service and how is it working for you?
Thank you for visiting
I really hope that you found this article helpful and informative
If you have any questions or thoughts regarding this article or anything else, please feel free to leave me a comment below.
I always respond to my readers.
I will also really appreciate your liking and sharing this article.
You can also subscribe to my newsletter and receive my next blog post by email.
Here’s to making it happen
Jennifer
Smart Laptop Lifestyle
I’m a NordVPN user and when I saw the TechCrunch article, I freaked out and thought I will ask for a refund.. but then I started to read “a researcher that did not want to be named”.. then I found out that TechCrunch is owned by Verizon and they have their own VPN service. Everything started to become fishy. “Your care was just stolen and taken on a joy ride and you’re quibbling abut which buttons were pushed on the radio?” this nonsense really bugged me as well, as the hackers did have access to the server, the traffic is still encrypted so nothing could’ve been done anyway. This whole issue is really not a big deal understanding that NO user data was leaked, and the keys were expired too.. Going to stay away from these articles and continue being a user.
Hi Tarja
Thank you for your feedback and information.
I was building awareness on what was found on the news circuit and I also looked into it and found that other journalist were reporting similar issues.
This is not to say that NordVPN does not provide a good service because many companies and banks have been hacked in the past and still provide a great and secure as possible service to their customers.
As I mentioned I was building awareness and not to stop anyone from using the service but instead to do their own research into how this could affect them.
Many thanks
Jennifer