NordVPN, one of the most popular and widely used VPN services disclosed details of a security incident that compromised one of its thousands of servers based in Finland.
This week a hacker posted on Twitter that: NordVPN was compromised! This means that unknown hacker or hackers stole private encryption keys used to protect VPN users traffic routed through the compromised server.
Today the breach is official: NordVPN published a blog post detailing about the security incident; we will provide you all the details in the following lines to let you quickly understand what exactly happened, what’s at stake, and what you should do next.
What has been breached?
One NordVPN server hosted in a Finland-based datacenter was unauthorizedly accessed on March 2018.
How was this possible?
For the moment all it is known is that an unknown hacker gained access to that server by exploiting an insecure remote management system left by the data center provider.
What the hacker gained?
The NordVPN company did confirm that the hacker successfully managed to steal three TLS encryption keys responsible for protecting VPN users’ traffic routed through the compromised server.
Even if NordVPN tried to make the security incident go away by saying that the stolen encryption keys are now expired. Cybersecurity researchers made them admit that the keys were valid at the time of the breach and expired in October 2018.
I am a user! How am I affected?
With some limited encryption keys in hand, hackers might only manage to decrypt that extra layer of protection added to the traffic passed through the compromised server, which, can not be abused to decrypt or compromise anything else.
The only possible way that you could get affected is a personalized and complicated MiTM attack to intercept a single connection that tried to access nordvpn.com.
This low option cyber attack doesn’t make the incident less worrying, cybersecurity researchers say. All because the stolen encryption keys couldn’t possibly have been used to decrypt the VPN traffic of any other NordVPN server.
Should I stop using NordVPN?
If you’re using NordVPN for privacy or escaping Internet censorship, you should not stop using a VPN service because of such events.
However, you are always advised to do some research and pay for a service that you feel is trustworthy.
Be aware! TorGuard and VikingVPN got also hacked
Don’t think that NordVPN is the only VPN who got breached. Researchers disclosed that 2 other popular VPN services, TorGuard and VikingVPN, also suffered a similar security incident at the same time of the year
Like NordVPN, TorGuard confirmed that a single TorGuard server was compromised and removed from its network in early 2018.
VikingVPN, on the other hand, has yet not responded to the security incident.
What should I do to not get affected by such attacks things?
Always opt for a VPN service that has a no-log policy and before choosing one do some research and see if you can find anything about that VPN provider regarding data breaches or other security incidents that are involving their users or infrastructure.