NordVPN Admits They Were Hacked Last Year, But Insist No User Credentials Were Affected

NordVPN Admits They Were Hacked Last Year, But Insist No User Credentials Were Affected

NordVPN said that the security breach occurred in March 2018, affecting one of their servers in Finland. However, user credentials were affected.

Share this:

We are often told to rely on VPN services to keep our activities private and safe on the internet. However, sometimes even the safest service provides fail to give us the security and end up being hacked. As a matter of fact, there can be nothing worse than a compromised VPN. Something similar happened last year, when widely recommended NordVPN was hacked and unknown attackers managed to breach one of its servers, the company said on October 21. The issue came to light after a marketing tweet made by NordVPN said, “Ain't no hacker can steal your online life. (If you use VPN). Stay safe.” The tweet was accompanied by a link to the NordVPN website with the tag line “Get NordVPN. For your own peace of mind.” However, the tweet was later taken down.

According to the service provider, the security breach occurred in March 2018. NordVPN got to know about the hack several months ago. However, it waited to release further details on the same before ensuring its security. The security provider cleared it all through an official response on Twitter. They clarified that one of their servers was affected in March 2018 in Finland. It read, “The breach was made possible by poor configuration on a third-party datacenter’s part that we were never notified of. Evidence suggests that when the datacenter became aware of the intrusion, they deleted the accounts that had caused the vulnerabilities rather than notify us of their mistake.”

The security service provider company was also quick to explain how it managed to make things fall into correct places. Soon after learning about the breach, NordVPN says it terminated the contract with the server and began an extensive audit of the entire service. Giving further details, it has clarified that no user credentials were affected and the intruder could not attempt to monitor user traffic in any way. However, it also mentioned that two other VPN providers were impacted in attacks.

Next Story