NordVPN confirms 2018 security breach involving datacenter partner

CyberTech

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Content source
https://www.techspot.com/news/82431-nordvpn-confirms-2018-security-breach-involving-datacenter-partner.html
The vulnerability wasn’t immediately disclosed because NordVPN needed to make sure none of their other servers were prone to similar issues. This “couldn’t be done quickly due to the huge amount of servers and the complexity of our infrastructure,” we’re told.

Virtual private network service provider NordVPN on Monday said it has learned of a security issue involving a datacenter partner.

As the timeline goes, the single affected server was built and added to NordVPN’s server list in Finland on January 31, 2019. At some point, an attacker gained access to the server via an insecure remote management system left behind by the datacenter. “We were unaware that such a system existed,” said NordVPN blog editor Daniel Markuson.

The datacenter reportedly noticed the vulnerability and deleted the remote management account without notifying NordVPN on March 20, 2018.

Markuson said the VPN provider learned of the vulnerability “a few months back” and promptly terminated all contracts with the company. They also launched an internal audit to check their entire infrastructure, conducted an application security audit and started a process to move all of their servers to RAM.

Markuson said the expired TLS key taken when the server was exploited couldn’t have been used to decrypt the VPN traffic of any other server. “On the same note, the only possible way to abuse website traffic was by performing a personalized and complicated MiTM (man-in-the-middle) attack to intercept a single connection that tried to access nordvpn.com.”

Furthermore, NordVPN said that no user credentials were taken and that the server did not contain any user activity logs.

NordVPN said it is now holding their datacenter partners to “even higher standards” and is working on a bug bounty program.
Click to expand...
 
  • Like
  • Wow
Reactions: g4nu5, [correlate], Deletedmessiah and 9 others
F

ForgottenSeer 58943

"This was done through an insecure remote management system account that the datacenter had added without our knowledge. "

Betting it was an intelligence op. Probably going after some specific users and their activity. With VPN's the compromise is almost always going to be with the datacenter, servers or nodes in front of the data center. This is why intelligence doesn't really fret about (most) VPN services for the most part. Be careful what service you use, and also be wary of the datacenter where the VPN is hosted. (Think Pionen or something)
 
  • Like
Reactions: [correlate], Venustus, Cortex and 2 others
F

ForgottenSeer 823865

ForgottenSeer 58943 said:
"This was done through an insecure remote management system account that the datacenter had added without our knowledge. "

Betting it was an intelligence op. Probably going after some specific users and their activity. With VPN's the compromise is almost always going to be with the datacenter, servers or nodes in front of the data center. This is why intelligence doesn't really fret about (most) VPN services for the most part. Be careful what service you use, and also be wary of the datacenter where the VPN is hosted. (Think Pionen or something)
Click to expand...
It could, but it also could been from hackers. They use virtual servers on shared physical ones, obviously you can't expect security if the others who you share with have weak security standards...
 
  • Like
Reactions: [correlate], Venustus, blackice and 1 other person
F

ForgottenSeer 823865

Fuzzy_Bunny said:
They could at least inform users about it to change passwords. But no, lets be quite and hope it won't come out
Click to expand...
it is bad advertisement if they did, and Nord especially put all its resources on advertising how good and secure they are, you see them everywhere, even on reviews made by some pseudo-experts rating their VPN high while bashing others.
 
  • Like
Reactions: Cortex and harlan4096
computer man

computer man

Level 2
Sep 26, 2019
52
If Nord's security is all they claim it is, then this would be impossible as well as the hacking from a year and a half ago the neglected to tell anyone about. This kind of thing is striclty the result of incompetence on the part of Nord's security team, or they just don't care which is equally possible.
 
  • Like
Reactions: CyberTech and Cortex
Logical0z

Logical0z

New Member
Oct 9, 2018
6
techcrunch blew it out of proportion, because they are owned by other vpn company, which are apparently competitors to nord. anyway, i'm using other provider, but once it happened, i came across a very small website (never heard of it before) with a very neutral and explaining article - maybe someone will find it interesting to read about it
 
You must log in or register to reply here.

Similar threads

Shadowra
    • Like
    • +Reputation
Technology AtlasVPN merges with NordVPN on April 24th
Replies
1
Views
325
Technology News
lyldz
lyldz
silversurfer
    • Like
    • Wow
    • +Reputation
Microsoft acquires Fungible in push for datacenter innovation
Replies
0
Views
318
News Archive
silversurfer
silversurfer
Gandalf_The_Grey
    • Like
    • Thanks
Hot Take Results of NordVPN security audit are now available
Replies
0
Views
479
VPN and DNS
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top