NordVPN reveals it was breached in 2018 - htxt.africa
In recent years NordVPN has been on a rampant marketing push with everybody from YouTube comedians to gamers touting the privacy features of the tool.
While we're not disputing how well a VPN works, a recent disclosure is cause for concern.
NordVPN has declared that it recently became aware of a breach in 2018. The firm says a server in a data centre it uses in Finland was accessed without authorisation. The attacker reportedly gained access to the server through remote management software that the data centre provider installed. Strangely, NordVPN says it was not aware that the software was on the server.
The good news is that this was an isolated incident and no usernames or passwords were compromised.
"When we learned about the vulnerability the datacenter had a few months back, we immediately terminated the contract with the server provider and shredded all the servers we had been renting from them. We did not disclose the exploit immediately because we had to make sure that none of our infrastructure could be prone to similar issues. This couldn't be done quickly due to the huge amount of servers and the complexity of our infrastructure," NordVPN wrote in a statement.
Of course, there is bad news and as you might imagine, it's rather bad.
Speaking to The Verge, member of its advisory board Tom Okman said that an attacker may have been able to view the websites a user was accessing from that Finnish server.
"Potential attackers could have gotten only into that server and only intercept the traffic and seen what websites people are browsing - not the content, only the website - for a limited period of time, only in that isolated region," Ockman said.
As a result of this incident NordVPN has said it is working to improve its security mechanisms and has undergone an application security audit. The firm will also be creating a bug bounty programme.
"Even though only 1 of more than 3000 servers we had at the time was affected, we are not trying to undermine the severity of the issue. We failed by contracting an unreliable server provider and should have done better to ensure the security of our customers," writes NordVPN.
We agree with the firm there, it failed to uphold the security and privacy of its users. Even if an attacker was only able to access a system once last year, that is not good enough.
What dumbfounds us is the fact that NordVPN was unaware of the software its server provider had installed on said server.
Perhaps this will present a teachable moment for NordVPN - if you want to do something right, you need to be a lot more hands-on.
Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.
In this day and age, there appear to be a few worrisome common trends. One of those trends comes in the form of technology companies and service providers getting hacked. One of the most recent
In brief: The vulnerability wasn't immediately disclosed because NordVPN needed to make sure none of their other servers were prone to similar issues. This "couldn't be done quickly due to the huge amount of servers
NordVPN says one of its servers was breached in March 2018, exposing some of the browsing habits of customers who were using the VPN service to keep their data private. NordVPN says the
NordVPN confirmed on Monday that an attacker breached a server it rented from a Finland-based data center. The company, which described the event as an attack rather than a more-common hack, says the breach took
NordVPN picked the wrong data center provider and is now paying it with negative publicity. A malicious actor has compromised the unprotected server and had it running for a full month. NordVPN knew
NordVPN, one of the world's most popular providers, has confirmed that it was hacked by an unidentified party as early as March 2018. Details are still scant but the virtual private network provider has confirmed
NordVPN, one of the most highest-rated VPNs and one we just recently recommended, says they have been hacked, reports TechCrunch. The company said that one of its rented data centers in Finland was accessed without
More News in Technology
A scientist warned that blowing up an asteroid in a last-ditch effort to save Earth could have serious consequences. Aside from causing multiple impact events, this strategy could also cause thousands of radioactive asteroids to
(Image: Getty Images/iStockphoto) Next month, a huge asteroid is set to skim past our planet, NASA has revealed. The asteroid, which has been given the catchy name '481394 (2006 SF6)', is
There's only one photo but it provides a great look at the new M3's rear end. Evolve Automotive is a British firm that specialises in tuning BMWs, and a post on its Facebook
Black Friday deals often see Amazon's devices reduced in price, but this excellent deal on the Amazon Echo Input delivers on the cost carve but right now, with a going-on-half-price 43% slashed off its price. And
HTC, the Taiwanese company, has released an updated version of a smartphone with a full Bitcoin node. Blockchain is on track to adoption. In May, HTC announced it was working on a budget version