NordVPN, one of many VPNs (Virtual Private Networks) available to anyone with an internet connection, has confirmed it's been hacked. This admission comes on the heals of earlier rumors that the company had been breached. It appears an expired internal security key was exposed, allowing anyone outside the company unauthorized access. A NordVPN spokesperson said the breach was discovered a few months ago, but only made the information public today because it wanted to be "100 percent sure that each component within our infrastructure is secure."
The data breach happened in March of 2018, when an unauthorized individual accessed a server the company was renting in Finland. The server had been active for a month beforehand, and the attacker exploited an insecure remote management system left by the data center provider. While the company has intrusion detection systems installed to find breaches like this, it did not predict that it would or could come from a "remote management system left by the data center provider" as it did in this case. NordVPN said it was unaware that that system even existed.
However, the company maintains that the attacker did not gain access to activity logs, user-credentials, or any other sensitive information. NordVPN maintains what it says is a strict "zero logs" policy. "We don’t track, collect, or share your private data," the company says on its website.
Troubling, however, is that one NordVPN researcher, who declined to be identified, said this attack is indicative of a larger issue, a "full remote compromise of this provider's systems."
VPNs help protect your online data by creating a private network across a shared or public one—basically allowing anyone connected to the same network to send and receive data as if they were connected directly to a private network. Many corporations use VPN services for remote users, while for home use, VPNs are often used to circumvent things like geo-blocks to watch a video or access other media not available in a specific region. They can also connect to proxy servers to further protect personal identity on the internet (for good or evil intent).
If you are a NordVPN user and want to take precautions, there are other excellent VPN services that you might be interested in.