

This guide takes a deep dive into the recent NordVPN hack and examines the facts surrounding the situation, with the latest developments.

Recently media outlets have been publishing a barrage of reports concerning a NordVPN hack occurring on a server in Finland. Rumors and allegations have been spreading fast, with NordVPN being one of the largest VPNs on the market. While the news may be alarming to some, the tangible impact of this issue for NordVPN users is quite limited.

NordVPN hack: summary of facts

First, to put things in perspective, this hack affected one NordVPN server in Finland out of a network of approximately 5,000 servers. Now let’s examine what exactly happened to this server.

In March 2018, someone posted TLS certificates from NordVPN, TorGuard, and VikingVPN on 8chan. While the 2018 post seems to have fallen under the radar, the issue recently erupted on Twitter, which culminated in an article from TechCrunch alleging NordVPN had been “hacked”.

What could a hacker do with an expired TLS key?

When people hear the word “hack” they assume the worst. But let’s dig deeper.

As NordVPN pointed out in their official response,

The intruder did find and acquire a TLS key that has already expired. With this key, an attack could only be performed on the web against a specific target and would require extraordinary access to the victim’s device or network (like an already-compromised device, a malicious network administrator, or a compromised network). Such an attack would be very difficult to pull off. Expired or not, this TLS key could not have been used to decrypt NordVPN traffic in any way. This was an isolated case, and no other servers or datacenter providers we use have been affected.

Are NordVPN users compromised?

Based on all available evidence, the answer appears to be no.

NordVPN users have not been compromised by an attacker gaining access to one expired TLS key for a single server in Finland.

First, the hacker would not have any access to server logs because NordVPN is a no logs VPN provider that does not store anything on its servers. NordVPN passed a third-party audit by PricewaterhouseCoopers verifying its no-logs policy.

Second, NordVPN utilizes perfect forward secrecy, which generates a unique key for every session using ephemeral Diffie-Hellman keys. This means that even with a TLS key there’s little a hacker could even do, since the keys are used for server authentication and not traffic encryption. As NordVPN pointed out above, the hacker would need direct access to the user’s device or network for an effective attack (extremely unlikely).

There’s no way to be 100% certain with anything, but the answer appears to be no. There’s no evidence to suggest traffic or private data from NordVPN users was exploited in this hack.

With no data breach, there is no legal obligation for alerting anyone. The answer to this question does not seem to be clear – at least to me.

NordVPN is blaming the data center in Finland, as they explained in their official response:

The breach was made possible by poor configuration on a third-party datacenter’s part that we were never notified of. Evidence suggests that when the datacenter became aware of the intrusion, they deleted the accounts that had caused the vulnerabilities rather than notify us of their mistake.
