Virtual private network (VPN) provider NordVPN confirmed last Monday, October 21, 2019, that its systems were breached in 2018. NordVPN provides customers with traffic-masking capabilities that allow users to disguise their location and browsing habits. The company’s confirmation comes after security researchers’ continued allegations on the social media platform Twitter.
TechCrunch reports that a NordVPN data center was compromised in March 2018. However, the company believes the database was vulnerable from January 31, 2018, to March 20, 2018, notes The Verge. According to spokesperson Laura Tyrell, the attacker accessed the database via an insecure remote management system.
The system was reportedly accessed from its data center in Finland. The data center provider is a Finnish company called Oy Creanova Hosting Solutions Ltd.
According to Bloomberg, Nord advisory board member Tom Okman notes that attackers accessed only a single “exit node.” The “exit node” is the integral part that disguises the IP address of users.
The database allegedly suffered from a vulnerability, which the provider failed to disclose. However, user information and identity still remain secure.
Although NordVPN revealed that it knew about the breach, the VPN provider said it had remained mum on the issue. In a statement, it said it wanted to be “100% sure that each component within our infrastructure is secure.”
Okman also notes the company wanted to verify if the same concern was present across 5,000 of its servers. The firm admits it is still in the process of verifying the incident and securing its database. Nevertheless, it was forcibly thrust into the limelight following the allegations on the issue.
Based on an article by The Verge, no sensitive or personal information has been obtained. NordVPN’s Finnish server contained no traces of username, password, or activity log information. Websites may have been revealed to attackers; however, the content of these pages remains hidden due to encryption.
NordVPN claims that hackers who gained access to the database might have used a now-expired encryption key. The company also assumed that attackers may have used the system vulnerability to disguise themselves as NordVPN itself. Even so, Okman maintains the incident is an “isolated” case, with “hack [being] too powerful a word in this case.”
After learning of the incident, NordVPN broke its contract with Oy Creanova Hosting Solutions Ltd. It also destroyed the affected servers the company formerly rented from the database provider. Customers will also be notified via email.
Both companies are blaming each other for the breach. Creanova CEO Niko Viskari remarked on NordVPN’s lapse in security, saying “they do not take care of security by themselves.”