Skip to main content

NordVPN confirms an attacker breached a rented Finland server

NordVPN confirmed on Monday that an attacker breached a server it rented from a Finland-based data center. The company, which described the event as an attack rather than a more-common hack, says the breach took place in March 2018, but the attacker did not retrieve any customer information.

“The attacker gained access to the server by exploiting an insecure remote management system left by the data center provider while we were unaware that such a system existed,” the company reports. “The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either.”

The server in question came online on January 31, 2018.  The unnamed company maintaining the data center allegedly discovered that its vulnerable remote management account remained on the rented server and deleted it on March 28, 2018, without informing NordVPN. The popular VPN provider supposedly didn’t even know this account existed until “a few months ago.”

A virtual private network, or VPN, creates a secure “tunnel” across the internet. These connections were originally intended for employees to remotely connect to company networks. But now VPN services are available to the masses for accessing region-restricted content and remaining anonymous online. Customers essentially connect to a remote server and use its connection to surf the internet, hiding their online address in the process.

Although your internet service provider can’t log your activity while using a VPN, there’s no guarantee VPN service providers themselves aren’t keeping track of your online travels. NordVPN states that it does not keep logs, however, including “connection timestamps, session information, used bandwidth, traffic data, IP addresses, or other data.”

NordVPN says it didn’t disclose the breach immediately due to its lengthy investigation across its entire infrastructure.

“We had to make sure that none of our infrastructure could be prone to similar issues,” the company reports. “This couldn’t be done quickly due to the huge amount of servers and the complexity of our infrastructure.”

The security alert arrives after reports surfaced claiming attackers breached NordVPN and obtained an expired Transport Layer Security key. NordVPN says the attacker retrieved this key during the breach, but it cannot be used to decrypt VPN traffic on other servers. Instead,  the attacker could create a fake NordVPN server to redirect traffic and launch a man-in-the-middle-attack on a single connection.

NordVPN says more than 3,000 servers run its VPN service. In this situation, it contracted an “unreliable server provider,” and this was an “isolated case.” The company canceled its contract and “shredded” all servers rented through the unnamed supplier.

Editors' Recommendations

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
NordVPN vs. ExpressVPN: Which VPN is best for you?
generic VPN on Mac from pexels by stefan coders.

The best VPN is a tough one to figure out. With so many different options out there, it can feel like a battle to know how to trawl through the VPN deals out there and find the right service for you. However, it really doesn't have to be. That's because we're on hand to help you figure out which is the best between two of the biggest names in the VPN world -- NordVPN and ExpressVPN.

With multiple different reasons to sign up for a VPN, it's worth evaluating the strengths and weaknesses of the most popular services. Whether you're looking for the best VPN for streaming, looking for a Netflix VPN or you're simply keen to check out a VPN free trial, we've got your back.

Read more
Is NordVPN free? A detailed look at how much the service costs
The NordVPN logo on a purple background.

If you're thinking about signing up for a new VPN, you're almost certainly wondering how much NordVPN costs. As one of the biggest names in VPNs out there, NordVPN is a hugely tempting proposition whatever the price. However, the NordVPN cost is actually pretty reasonable for what it provides. If you want to know all about the NordVPN price structure and learn a little bit about the best VPN out there, we have all the details on the NordVPN price along with whether there's a free trial out there. Read on while we guide you through it.
Today's best NordVPN deals

How much does NordVPN cost?
There are plenty of different options available to you with the VPN providing an extensive pricing structure that means plenty of flexibility when it comes to spreading out the NordVPN cost.

Read more
Is NordVPN safe? A look at its safety and security measures
The NordVPN logo on a purple background.

If you're a semi-regular user of the internet, you might have seen NordVPN pop up in advertisements or as sponsored content on YouTube and around the internet. NordVPN is, by far, the most popular VPN on the market right now. Being the frontrunner in any industry comes with a lot of scrutiny and competition, and many great VPNs are knocking on the door of NordVPN's dominance.

However, seeing as most casual internet users are exposed to NordVPN the most, we've decided to take an extensive look into the service and analyze what you get out of your subscription. We analyzed all the security features the service offers and what the company does with your privacy and information. If you worry about your online identity and data when browsing the internet, we encourage you to read on so you can grasp the full scope of whether NordVPN is safe.
Why use NordVPN
Companies need to ensure that their service shows up first to an untapped audience in this attention-based economy on the internet. The vast majority of customers base their purchasing decisions on the first few search results shown to them, including advertisements. After a quick search of the very broad term 'VPN' with millions of searches a month, you'll see that NordVPN is consistently the top result. Now, we understand that marketing power and budget don't necessarily indicate a strong product.  It provides a lot of exposure, though, which allows the general community to test the product and give unbiased reviews. And NordVPN frequently tops everyone's best VPN lists. It's also our pick for the best Fire TV Stick VPN and the best Chrome VPN extension.

Read more