NordVPN admits it was hacked in 2018
The company behind one of the most popular VPN service NordVPN has confirmed that it was hacked. One of the company’s data centers was accessed by an unknown hacker back in March 2018.
Also see: Best VPNs For Netflix
The company admitted this after an expired internal private key of NordVPN was exposed online. This allowed anyone to spin out their own servers imitating NordVPN.
As per reports by Techcrunch, the hacker got access to one of the servers located in the data centers in Finland. The compromised server was active for about a month. The attacker got access by exploiting an insecure remote management system that was left on the server by the data center provider.
“The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either,” said Laura Tyrell, a spokesperson for NordVPN. “no other server on our network has been affected.”
The company has put the blame on the Data Center provider but didn’t name it.
NordVPN is a highly recommended VPN provider. We also recommended it for its awesome VPN service. But this finding is troubling. The company claims full user data privacy and spent millions of advertising the same. But it failed to protect its own server.