NordVPN, TorGuard and VikingVPN were compromised

[Threadripper]

Read the full Twitter thread here

So apparently NordVPN was compromised at some point. Their (expired) private keys have been leaked, meaning anyone can just set up a server with those keys...

This is running on localhost (with an /etc/hosts entry), but it's what a MitM attempt would look like. Of course, if the key was used before it had expired, there would be no warnings...

And someone just mentioned to me that past encrypted sessions may be able to be decrypted, which is a much bigger issue!

OpenVPN keys were leaked as well as the expired *.nordvpn.com TLS cert. I haven't researched enough about OpenVPN to know if it's using forward secrecy, though you'd hope so

I should probably make it clear that whoever compromised NordVPN had root access to a container server, allowing full control of everything in it (presumably including the ability to view and tamper with all network traffic going through it). Why was this never detected?

 

[Aleeyen]

Could this be the reason that users in some forums are offering free Nord VPN accounts?

 

[Threadripper]

Could this be the reason that users in some forums are offering free Nord VPN accounts?

This is happening with every VPN unfortunately, Ebay is full of jacked accounts. People reuse compromised passwords and never check HaveIBeenPwned making jacking an account with a premium subscription and selling it child's play.

 

[blackice]

Nord has always been shady. I trialed it a couple years ago and found it to be a quality service, but got irked by all the behind the scenes goings on that didn’t seem quite right.

 

[blackice]

This is happening with every VPN unfortunately, Ebay is full of jacked accounts. People reuse compromised passwords and never check HaveIBeenPwned making jacking an account with a premium subscription and selling it child's play.

Their Reddit is always full of people saying Nord has been hacked when it always turns out someone used the same password for multiple accounts that got compromised. HaveIBeenPwned is a wonderful resource.

 

[Threadripper]

TorGuard and VikingVPN were also compromised, but more on the topic of NordVPN specifically:

• Their owners and management are anonymous, they could be literally anybody.
• They are based in Panama, a tax haven with virtually no digital privacy laws and high levels of law enforcement corruption.
• Their ads are complete BS, from fake countdowns for deals on their website, to exaggerated "anti-malware" capability" which is just DNS blocking (while this is a good thing, they market it completely inappropriately). They can't even spell Ubuntu right...
  
• It was compromised: root access gained, OpenVPN keys leaked and their expired TLS cert leaked.

...and people still trust them.

 

[Captain Awesome]

Is windscribe safe?

 

[blackice]

Is windscribe safe?

Windscribe seems fine if you aren’t passing state secrets or hiding from serious threats. If you’re worried about torrenting or geolocation traffic you’re good.

 

[Threadripper]

Is windscribe safe?

Windscribe's transparency is 10/10, been using them for 4 years - no complaints.

 

[ForgottenSeer 823865]

Is windscribe safe?

Windscribe's transparency is 10/10, been using them for 4 years - no complaints.

i will say one of the best among the "commercial" ones.

 

[Threadripper]

i will say one of the best among the "commercial" ones.

They're very good at exposing VPN review sites who ask for money to get Windscribe ranked higher. Good thing about Windscribe is I know the owners name, what he looks like and they have a business address I can find... unlike Nord and similar.
Windscribe Transparency