• Last Updated:
  • Oct 22nd, 2019 5:00 pm
Tags:
[OP]
Deal Guru
User avatar
Feb 10, 2007
11712 posts
2832 upvotes

Nordvpn hacked

https://techcrunch.com/2019/10/21/nordv ... as-hacked/
NordVPN, a virtual private network provider that promises to “protect your privacy online,” has confirmed it was hacked.

The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowing anyone to spin out their own servers imitating NordVPN.

VPN providers are increasingly popular as they ostensibly provide privacy from your internet provider and visiting sites about your internet browsing traffic. That’s why journalists and activists often use these services, particularly when they’re working in hostile states. These providers channel all of your internet traffic through one encrypted pipe, making it more difficult for anyone on the internet to see which sites you are visiting or which apps you are using. But often that means displacing your browsing history from your internet provider to your VPN provider. That’s left many providers open to scrutiny, as often it’s not clear if each provider is logging every site a user visits.

For its part, NordVPN has claimed a “zero logs” policy. “We don’t track, collect, or share your private data,” the company says.

But the breach is likely to cause alarm that hackers may have been in a position to access some user data.

NordVPN told TechCrunch that one of its data centers was accessed in March 2018. “One of the data centers in Finland we are renting our servers from was accessed with no authorization,” said NordVPN spokesperson Laura Tyrell.

The attacker gained access to the server — which had been active for about a month — by exploiting an insecure remote management system left by the data center provider, which NordVPN said it was unaware that such a system existed.

NordVPN did not name the data center provider.

“The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either,” said the spokesperson. “On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN.”

According to the spokesperson, the expired private key could not have been used to decrypt the VPN traffic on any other server.

NordVPN said it found out about the breach a “few months ago,” but the spokesperson said the breach was not disclosed until today because the company wanted to be “100% sure that each component within our infrastructure is secure.”

A senior security researcher we spoke to who reviewed the statement and other evidence of the breach, but asked not to be named as they work for a company that requires authorization to speak to the press, called these findings “troubling.”

“While this is unconfirmed and we await further forensic evidence, this is an indication of a full remote compromise of this provider’s systems,” the security researcher said. “That should be deeply concerning to anyone who uses or promotes these particular services.”

NordVPN said “no other server on our network has been affected.”

But the security researcher warned that NordVPN was ignoring the larger issue of the attacker’s possible access across the network. “Your car was just stolen and taken on a joy ride and you’re quibbling about which buttons were pushed on the radio?” the researcher said.

The company confirmed it had installed intrusion detection systems, a popular technology that companies use to detect early breaches, but “no-one could know about an undisclosed remote management system left by the [data center] provider,” said the spokesperson.

“They spent millions on ads, but apparently nothing on effective defensive security,” the researcher said.

NordVPN was recently recommended by TechRadar and PCMag. CNET described it as its “favorite” VPN provider.

It’s also believed several other VPN providers may have been breached around the same time. Similar records posted online — and seen by TechCrunch — suggest that TorGuard and VikingVPN may have also been compromised.

A spokesperson for TorGuard told TechCrunch that a “single server” was compromised in 2017 but denied that any VPN traffic was accessed. TorGuard also put out an extensive statement following a May blog post, which first revealed the breach.
[self promotion rule violation, removed twice already][self promotion rule violation, removed twice already]Trolling or Threadcrapping Trolling - woooooooo 3k on a laptop woooooooo 3k on a laptop woooooooo 3k on a laptop woooooooo 3k on a laptop
11 replies
Deal Expert
Aug 22, 2006
26047 posts
11519 upvotes
potentially allowing anyone to spin out their own servers imitating NordVPN.

Breaching PII is old news.
This is where it's hilarious.

Although I wonder how useful this would actually be.
The number of people using this for "security" purposes should be low. I'm assuming most people are using it for geolocation services instead of privacy related.
Sr. Member
User avatar
Apr 29, 2018
562 posts
322 upvotes
Twitter threads where the hack was found - -
Member
Apr 14, 2006
389 posts
177 upvotes
St Johns
I believe I posted at least 3 times about how this is a bad service, slow, unreliable and now it was hacked... I’m not surprised.
Private Internet has been flawless. PcMag has been pumping this service for $$.
When a VPN service gets hacked you are seriously exposed.

Good luck.
https://techcrunch.com/2019/10/21/nordv ... as-hacked/
[OP]
Deal Guru
User avatar
Feb 10, 2007
11712 posts
2832 upvotes
haha, everyone is pumping their service because of the advert money

and ppl fall for it
tradinghumble wrote: I believe I posted at least 3 times about how this is a bad service, slow, unreliable and now it was hacked... I’m not surprised.
Private Internet has been flawless. PcMag has been pumping this service for $$.
When a VPN service gets hacked you are seriously exposed.

Good luck.
https://techcrunch.com/2019/10/21/nordv ... as-hacked/
[self promotion rule violation, removed twice already][self promotion rule violation, removed twice already]Trolling or Threadcrapping Trolling - woooooooo 3k on a laptop woooooooo 3k on a laptop woooooooo 3k on a laptop woooooooo 3k on a laptop
Deal Expert
User avatar
Nov 15, 2004
18381 posts
3240 upvotes
Toronto
This is why you shouldn’t use password managers either.
Deal Expert
Aug 22, 2006
26047 posts
11519 upvotes
vikingvpn and Torguard too it looks like from an archived 8chan post.
Newbie
Nov 26, 2018
5 posts
4 upvotes
Such a fake fuss with a crystal clear motive... TechCrunch forgot to mention a little nuance, that changes the whole game- they are owned by a competitor's VPN company... and somehow they keep this info down. Get it? They want to feast on the situation and pour the clickbait info to surf on hype.
Deal Fanatic
User avatar
Mar 31, 2017
5975 posts
2546 upvotes
But they did get hacked, right? An online security people trusted, got hacked.
Member
Apr 14, 2006
389 posts
177 upvotes
St Johns
Carrotjuicey wrote: Such a fake fuss with a crystal clear motive... TechCrunch forgot to mention a little nuance, that changes the whole game- they are owned by a competitor's VPN company... and somehow they keep this info down. Get it? They want to feast on the situation and pour the clickbait info to surf on hype.
Nahhhhhh... they are not that sophisticated but they are indeed incompetent.

Top

Thread Information

There is currently 1 user viewing this thread. (0 members and 1 guest)