Skip to main content
  1. Home
  2. Computing
  3. News

NordVPN confirms an attacker breached a rented Finland server

Add as a preferred source on Google

NordVPN confirmed on Monday that an attacker breached a server it rented from a Finland-based data center. The company, which described the event as an attack rather than a more-common hack, says the breach took place in March 2018, but the attacker did not retrieve any customer information.

“The attacker gained access to the server by exploiting an insecure remote management system left by the data center provider while we were unaware that such a system existed,” the company reports. “The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either.”

Recommended Videos

The server in question came online on January 31, 2018.  The unnamed company maintaining the data center allegedly discovered that its vulnerable remote management account remained on the rented server and deleted it on March 28, 2018, without informing NordVPN. The popular VPN provider supposedly didn’t even know this account existed until “a few months ago.”

A virtual private network, or VPN, creates a secure “tunnel” across the internet. These connections were originally intended for employees to remotely connect to company networks. But now VPN services are available to the masses for accessing region-restricted content and remaining anonymous online. Customers essentially connect to a remote server and use its connection to surf the internet, hiding their online address in the process.

Although your internet service provider can’t log your activity while using a VPN, there’s no guarantee VPN service providers themselves aren’t keeping track of your online travels. NordVPN states that it does not keep logs, however, including “connection timestamps, session information, used bandwidth, traffic data, IP addresses, or other data.”

NordVPN says it didn’t disclose the breach immediately due to its lengthy investigation across its entire infrastructure.

“We had to make sure that none of our infrastructure could be prone to similar issues,” the company reports. “This couldn’t be done quickly due to the huge amount of servers and the complexity of our infrastructure.”

The security alert arrives after reports surfaced claiming attackers breached NordVPN and obtained an expired Transport Layer Security key. NordVPN says the attacker retrieved this key during the breach, but it cannot be used to decrypt VPN traffic on other servers. Instead,  the attacker could create a fake NordVPN server to redirect traffic and launch a man-in-the-middle-attack on a single connection.

NordVPN says more than 3,000 servers run its VPN service. In this situation, it contracted an “unreliable server provider,” and this was an “isolated case.” The company canceled its contract and “shredded” all servers rented through the unnamed supplier.

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Anthropic is giving away Claude Fable 5 at no extra cost for a limited time
You can try Claude Fable 5 for free - but don't wait too long
Electronics, Mobile Phone, Phone

Anthropic is making it a little easier for paying subscribers to try its newest AI model without spending extra money. The company has announced a limited-time promotion that gives users on eligible paid plans access to Claude Fable 5 at no additional cost until July 19, 2026. There's a catch, though: the model isn't completely unlimited, and once you hit a usage threshold, you'll either need to start paying or switch to another Claude model.

The promotion comes as competition in the AI assistant market continues to intensify. OpenAI, Google, Microsoft and Anthropic are all racing to get users onto their latest flagship models, often using free trials or promotional access to encourage adoption. Rather than offering unlimited access, Anthropic is betting that giving subscribers enough time to experience Fable 5's capabilities will convince many to continue using it after the promotion ends.

Read more
Scammers are now cloning trusted news websites to steal your money
Breaking news: That breaking news probably isn't breaking news
Scammers are turning trusted news brands into investment traps

Seeing a story on the website of a trusted news organisation is usually enough to lower your guard. Cybercriminals know that, and they're increasingly exploiting the credibility of major publishers to steal money from unsuspecting readers. The latest example involves fake Guardian articles featuring billionaire Jim Ratcliffe. Still, the scam is part of a much larger campaign that's also impersonating the BBC and other well-known media outlets.

According to The Guardian, fraudsters are creating convincing clones of legitimate news websites and filling them with fabricated stories designed to lure readers into bogus cryptocurrency and investment schemes. Instead of trying to hack victims directly, the scammers first convince them they're reading real journalism.

Read more
This floating AI robot looks like it escaped a Studio Ghibli film, and that’s exactly the point
Finally, a flying robot that probably won't chase your cat
Cuddle-Fish is an innovative soft-bodied, lighter-than-air robot created by researcher Mingyang Xu at Keio University in Japan.

Most home robots today have one thing in common: they're loud, rigid, and unmistakably robotic. Whether it's a vacuum cleaner bumping into furniture or a drone buzzing overhead, they're built to perform tasks - not necessarily to make people feel comfortable. Researchers in Japan think there's a better way, and it starts with taking inspiration from animated creatures rather than industrial machines.

A research team led by Mingyang Xu at Keio University, in collaboration with institutions including the MIT Media Lab, has unveiled a prototype floating companion robot that glides silently through the air instead of rolling across the floor. Rather than looking like another gadget, the robot resembles a tiny floating creature, drawing inspiration from characters such as Tinker Bell, Pokémon's Mew, and Studio Ghibli's Soot Sprites.

Read more