VPN provider NordVPN admitted that an attacker breached a server the company rented in a Finland-based data center. According to the blog post published by NordVPN, the only thing the attacker could have done was perform a personalized and complicated man-in-the-middle attack to intercept a single connection. Thanks to NordVPN’s logging policy, it was impossible for the attacker to access usernames or passwords, and there were no user activity logs either.
NordVPN: We weren’t aware
The breach took place in March of 2018. The attacker exploited an insecure remote management system, for which the unnamed data center was responsible, but NordVPN wasn’t aware of the situation. The company learned of the incident, ended its contract with the data center immediately, and removed all the data stored on the servers it rented there.
Although the issue affected only one server, NordVPN also declared that it has accelerated the encryption of all of its servers, which includes 3,000 servers connected by a complex infrastructure. The company also claimed in its blog post: "We are taking all the necessary means to enhance our security. We have undergone an application security audit, are working on a second no-logs audit right now, and are preparing a bug bounty program. We will give our all to maximize the security of every aspect of our service, and next year we will launch an independent external audit of all of our infrastructures to make sure we did not miss anything else."