Computer and Technology News.
The facts: what happened
- There are no signs showing that any of our customers were affected or that their data was accessed by the malicious actor.
- While being connected to the server, the hacker could only see what an ordinary ISP would see, but it could not have been personalized or linked to a particular user.
- The intruder managed to gain access to a single server we were renting from a Finnish data center.
- The server itself did not contain any user activity logs. None of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted.
- Our service as a whole was not hacked; our code was not hacked; the VPN tunnel was not breached. The NordVPN applications are unaffected. It was an individual instance of unauthorized access to 1 of more than 5000 servers we have.
- The hacker managed to access this server because of the mistakes made by the data center owner, of which we were not aware.
- As soon as we found out about the issue, we ceased our relationship with this particular data center and shredded the server.
- It was not a targeted attack against NordVPN – as the media has discovered, at least two other VPN services were affected. There’s a chance that other services that rented servers from this data center could have been affected as well.
- The incident effectively showed that the affected server did not contain any user activity logs. To prevent any similar incidents, among other means, we encrypt the hard disk of each new server we build. The security of our customers is the highest priority to us and we will raise the standards even more.
Timeline:
1. The affected server was brought online on January 31st, 2018.
2. Evidence of the breach appeared in public on March 5th, 2018. *Further evidence suggests that this information only became available soon after the breach actually occurred.*
3. The potential for unauthorized access to our server was restricted when the data center deleted the undisclosed management account on March 20th, 2018.
4. The server was shredded on April 13, 2019 – the moment we suspected a possible breach.
We as well updated our blog post: https://nordvpn.com/blog/official-response-datacenter-breach/.
Further News Topics: