NordVPN Confirms one of its Data Center Servers was Compromised in 2018

In this day and age, there appear to be a few worrisome common trends. One of those trends comes in the form of technology companies and service providers getting hacked. One of the most recent victims of such an attack is NordVPN. The company confirmed the hack this week, although it seems unlikely any user information has been obtained. The internal investigation is still ongoing at this time. 

The NordVPN Hack

For a little while now, there have been rumors as to how popular VPN service provider NordVPN might have been breached. The initial claims mentioned how the company’s expired internal private key was exposed to the outside world. If such a key would be leaked, it allows anyone in the world to imitate NordVPN’s server, which would have rather catastrophic consequences. Earlier this week, the company confirmed a breach had taken place although the full extent of the damage done remains somewhat unclear as of right now. 

One reason why NordVPN is so popular is because it guarantees customers they will not keep any activity logs. Moreover, they do not track, collect or share private user data with anyone. As consumers require more privacy while browsing the internet on a daily basis, the demand for such services will only increase over time. When a service provider of this kind gets hacked, however, there is plenty of reason to be somewhat concerned. 

What Happened in 2018?

According to a NordVPN spokesperson, there has been a breach of one of its data centers back in March 2018. That data center is located in Finland, where the company is renting servers. Someone without the proper authorization gained access to one of these servers, which had only been up-and-running for a month at that time. The hack relies on an insecure remote management tool left by the data center provider. As such, this entire scenario was outside the control of NordVPN, as they did nothing to facilitate this hack.

Although the server has no user activity logs, usernames, or passwords, the data breach is still worrisome. It is still possible website traffic was manipulated by utilizing a complicated man-in-the-middle attack, albeit that scenario seems rather unlikely at this time. None of the traffic passing through this server could have been decrypted while using the expired private key. Whereas these events took place in March 2018, NordVPN only found out a few months ago. Ever since then, an internal investigation has been launched to ensure the company’s infrastructure is 100% secure.

The Bigger Problem 

Some sources close to the matter claim this data breach is only one minor facet of a bigger problem. One researcher goes as far as claiming how NordVPN should spend more money on defensive countermeasures instead of advertising. That is a bit of a harsh sentiment, although it is evident that these companies need to be as secure as humanly possible. That also means vetting any services provided by third-party partners, including data centers. A remote compromise of a VPN provider’s system should not be taken lightly. While the company claims no other servers on its network were affected, the forensic investigation is still going on.