Skip to main content

NordVPN confirms an attacker breached a rented Finland server

NordVPN confirmed on Monday that an attacker breached a server it rented from a Finland-based data center. The company, which described the event as an attack rather than a more-common hack, says the breach took place in March 2018, but the attacker did not retrieve any customer information.

“The attacker gained access to the server by exploiting an insecure remote management system left by the data center provider while we were unaware that such a system existed,” the company reports. “The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either.”

Recommended Videos

The server in question came online on January 31, 2018.  The unnamed company maintaining the data center allegedly discovered that its vulnerable remote management account remained on the rented server and deleted it on March 28, 2018, without informing NordVPN. The popular VPN provider supposedly didn’t even know this account existed until “a few months ago.”

A virtual private network, or VPN, creates a secure “tunnel” across the internet. These connections were originally intended for employees to remotely connect to company networks. But now VPN services are available to the masses for accessing region-restricted content and remaining anonymous online. Customers essentially connect to a remote server and use its connection to surf the internet, hiding their online address in the process.

Although your internet service provider can’t log your activity while using a VPN, there’s no guarantee VPN service providers themselves aren’t keeping track of your online travels. NordVPN states that it does not keep logs, however, including “connection timestamps, session information, used bandwidth, traffic data, IP addresses, or other data.”

NordVPN says it didn’t disclose the breach immediately due to its lengthy investigation across its entire infrastructure.

“We had to make sure that none of our infrastructure could be prone to similar issues,” the company reports. “This couldn’t be done quickly due to the huge amount of servers and the complexity of our infrastructure.”

The security alert arrives after reports surfaced claiming attackers breached NordVPN and obtained an expired Transport Layer Security key. NordVPN says the attacker retrieved this key during the breach, but it cannot be used to decrypt VPN traffic on other servers. Instead,  the attacker could create a fake NordVPN server to redirect traffic and launch a man-in-the-middle-attack on a single connection.

NordVPN says more than 3,000 servers run its VPN service. In this situation, it contracted an “unreliable server provider,” and this was an “isolated case.” The company canceled its contract and “shredded” all servers rented through the unnamed supplier.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
How many devices can you use NordVPN on?
The NordVPN logo appears on a MacBook.

When picking out the best VPN for your needs, the number of devices you're able to use with it is generally very important. These days, we all have at least a computer and smartphone. Often, however, there are far more devices at one's disposal. These can include tablets, games consoles, smart TVs, and even smart home devices like light bulbs. Considering NordVPN? We've got you covered with everything you need to know about how many devices you can use with it.

How many devices can you use NordVPN on?
NordVPN allows you to use up to six devices at once while connected to one NordVPN account. That should be more than enough for the majority of users. You can hook up your computer, smartphone, tablet, and much more through the service.

Read more
NordVPN vs. CyberGhost: Which VPN is best for you?
The NordVPN logo appears on a MacBook.

If you're looking for the best VPN, you may have come across a lot of different choices, but a few may stick out to you due to how popular they seem to be among analysts and experts. While that may narrow it down some, there seem to be so many VPN deals on the internet that you quickly get overwhelmed with the abundance of options to choose from. The Digital Trends team is here to help you make your choice with our new series of comparative articles that compare and contrast the biggest VPN names on the market. For today's article, we present you with two huge names in the industry: NordVPN and CyberGhost.

Whatever you may use your VPN subscription for, this article will go over the pros and cons of each service and whether it may be right for you. If you want to find the best VPN for streaming with a good Netflix VPN, we'll discuss that in this article. Conversely, if you care more about security and privacy, we'll go extremely in-depth about what makes these VPNs tick. Or, if you're just looking to compare prices between two services and bag yourself a potential VPN free trial, we've got your back. Without further hesitation, let's dive in and analyze NordVPN vs CyberGhost and which may be better for you.

Read more
NordVPN vs. ExpressVPN: Which VPN is best for you?
generic VPN on Mac from pexels by stefan coders.

The best VPN is a tough one to figure out. With so many different options out there, it can feel like a battle to know how to trawl through the VPN deals out there and find the right service for you. However, it really doesn't have to be. That's because we're on hand to help you figure out which is the best between two of the biggest names in the VPN world -- NordVPN and ExpressVPN.

With multiple different reasons to sign up for a VPN, it's worth evaluating the strengths and weaknesses of the most popular services. Whether you're looking for the best VPN for streaming, looking for a Netflix VPN or you're simply keen to check out a VPN free trial, we've got your back.

Read more