UPDATED 15:59 EST / OCTOBER 21 2019

SECURITY

Virtual private network provider NordVPN discloses 2018 breach

NordVPN, a major virtual private network provider with 12 million users worldwide, today disclosed that it suffered a security breach last year.

VPN applications such as NordVPN aim to enhance users’ privacy by routing their web traffic through encrypted connections that are for all intents and purposes isolated from the rest of the network. The connections run through servers operated by the service provider. 

According to NordVPN, last year’s breach saw a hacker compromise one of the rented servers it used for this purpose. The machine in question was running inside a Finnish data center and belonged to an unnamed hosting firm with whom NordVPN has since severed ties. The attacker gained access by exploiting a vulnerable remote management application that the hosting firm had installed on the server without notice, NordVPN said.

NordVPN technicians discovered the breach a few months ago and launched a security audit. The provider claims that no usernames or passwords were exposed, nor could the hacker exploit the compromised server to decrypt traffic processed by other nodes.

“There are no indications that any of our customers were affected and their data was intercepted by a malicious actor,” the company said in a statement. “The tunnel itself is safe and never been hacked. Our core databases, our code and the service itself are also secure and have not been affected. It was single access to one of more than 5,000 servers we have. The hacker managed to access this server because of the mistakes done by a data center owner.”

The attacker did have access to the web activity of users whose requests were routed through the compromised machine. Moreover, TechCrunch reported, attackers may have had the ability to set up malicious servers masquerading as NordVPN systems. A security researcher who spoke with the outlet on condition of anonymity described the incident as “deeply concerning.”

NordVPN said it’s taking steps to avoid similar breaches in the future. The provider is preparing to launch a new security audit of its infrastructure, intends to retain outside experts for an independent evaluation next year and will set up a bug bounty program. Bug bounty programs encourage the cybersecurity community to report weaknesses in a company’s systems by offering financial rewards for submissions.

NordVPN’s disclosure comes just hours after Avast Software s.r.o., one of the world’s largest antivirus providers, revealed that its network was breached via a poorly configured VPN account. The company said it believes that the hackers were targeting the business unit responsible for developing its CCleaner tool for removing unwanted files. 
