NordVPN admits to 'isolated' server breach in Finland
"The only possible way to abuse website traffic was by performing a personalized and complicated MiTM attack to intercept a single connection that tried to access nordvpn.com," the company wrote in a blog post.
The incident took place in March 2018, when an unauthorized person accessed a server NordVPN rented from a third-party data center in Finland. They exploited an "insecure remote management system" that the data center provider left in place. NordVPN wasn't aware that such a system existed.
The affected server was added to NordVPN's server list on January 31st that year. The provider detected the vulnerability and removed the remote management account on March 20th without informing NordVPN.
The company learned of the incident a few months ago and right away ended its contract with the data center provider and scrubbed all the data it had on the rented servers. It didn't disclose the breach immediately because it had to audit the rest of its infrastructure to ensure similar issues wouldn't occur elsewhere. It also "accelerated the encryption of all of our servers." That took some time because of its complex infrastructure and the more than 3,000 servers it uses.
The issue didn't affect any of NordVPN's other servers or data centers. It says it will require providers it works with to meet higher security standards. It's also moving all of its servers to RAM, a process that should be completed next year.
While the breach doesn't seem to have had a significant impact on user privacy, it's not a great look for a company that touts itself as offering "secure and private access to the internet." As such, NordVPN is doubling down on security. "We have undergone an application security audit, are working on a second no-logs audit right now, and are preparing a bug bounty program," it wrote in the post. "[Next] year we will launch an independent external audit all of our infrastructure to make sure we did not miss anything else."
More News in Technology
A comprehensive research study generated by extensive primary research (inputs from stakeholders, industry experts, companies) and secondary research, the report aims to present the detailed study of the global Nuclear Decommissioning Services Market.The
Adolescents who play contact sports, including football, are no more likely to experience cognitive impairment, depression or suicidal thoughts in early adulthood than their peers, according to to a study. Researchers from the University
We are no stranger to chameleons camouflaging for self-defense, but make way for the new entrant in the block: a Congolese giant toad. Majorly found in central African rainforests, the toad disguises itself as one
Most people believe that affordable smartphones don't really have much to offer in terms of features, specs, and design but Motorola might be able to change that as new reports suggest that
NEW YORK, Oct. 21, 2019 /PRNewswire/ -- As the MoMA reopens today to the public after a $450 million renovation, there is sure to be even more noise about the additional 47,000-square-feet and the 1,000
Motorola is reportedly set to launch the latest iteration of the iconic Moto G series, the Moto G8, as early as next month. The lineup is expected to be unveiled in Brazil later this week,