NordVPN admits being compromised in 2018

NordVPN, one of the world’s most popular VPN providers, has confirmed that it was hacked by an unidentified party as early as March 2018.

Details are still scant but the virtual private network provider has confirmed to Techcrunch that one of its datacenters was penetrated last year.

Laura Tyrell, a spokesperson for NordVPN, told the publication that “One of the datacenters in Finland we are renting our servers from was accessed with no authorization.” While NordVPN has a “zero log” policy that was recently independently audited, one may question the motives of the hacker or hackers. 

“The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either,” added the spokesperson.

“On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN.”

Two separate VPN issues

The hacker identified an insecure remote management system that was operated by the datacenter provider and had full root access to a container server thanks to an expired TLS certificate.

In the own words of fellow hacker @hexdefined, this allowed “full control of everything in it (presumably including the ability to view and tamper with all network traffic going through it)”.

To make things even more interesting, two other…